PatchSiren cyber security CVE debrief
CVE-2025-66589 AzeoTech CVE debrief
AzeoTech DAQFactory release 20.7 (Build 2555) contains an out-of-bounds read vulnerability that can be exploited to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash. The vulnerability was published by CISA on December 11, 2025, and subsequently modified on January 12, 2026. AzeoTech has released DAQFactory Release 21.1 to address this issue.
- Vendor
- AzeoTech
- Product
- DAQFactory
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-12-11
- Original CVE updated
- 2026-01-12
- Advisory published
- 2025-12-11
- Advisory updated
- 2026-01-12
Who should care
Organizations using AzeoTech DAQFactory for industrial control and data acquisition applications should prioritize this update. System administrators, OT security teams, and engineers responsible for HMI/SCADA deployments should assess their exposure and apply the vendor fix. Given the local attack vector and user interaction requirement, organizations should also implement the recommended access controls and safe operational practices to reduce attack surface.
Technical summary
CVE-2025-66589 is an out-of-bounds read vulnerability in AzeoTech DAQFactory release 20.7 (Build 2555). The vulnerability can be triggered when processing malformed input, causing the application to read beyond allocated buffer boundaries. This memory safety defect may result in information disclosure from process memory or cause the application to crash. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates a local attack vector requiring user interaction but no privileges, with high impact across confidentiality, integrity, and availability. The vulnerability is classified as HIGH severity with a base score of 7.8. AzeoTech has addressed this issue in DAQFactory Release 21.1.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to DAQFactory Release 21.1 to address the out-of-bounds read vulnerability
- Avoid opening documents from unknown or untrusted sources
- Store .ctl files in directories with admin-only write permissions
- Use 'Safe Mode' when loading documents that have been outside organizational control
- Apply document editing passwords to protect .ctl files
- Review CISA ICS recommended practices for additional defensive guidance
Evidence notes
The vulnerability description and remediation information are derived from CISA CSAF advisory ICSA-25-345-03. The CVSS 3.1 score of 7.8 (HIGH) indicates local attack vector with low attack complexity, no privileges required, but user interaction required. The vulnerability allows for high impacts on confidentiality, integrity, and availability.
Official resources
-
CVE-2025-66589 CVE record
CVE.org
-
CVE-2025-66589 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published advisory ICSA-25-345-03 on December 11, 2025. Update A was issued on December 30, 2025, to update the researcher section and remove CVE-2025-66584 and CVE-2025-66587 after additional analysis showed they were duplicative. A后续