PatchSiren cyber security CVE debrief
CVE-2025-66590 AzeoTech CVE debrief
CVE-2025-66590 is a high-severity out-of-bounds write vulnerability in AzeoTech DAQFactory release 20.7 (Build 2555), published by CISA on December 11, 2025, with subsequent modifications through January 12, 2026. The vulnerability allows an attacker to cause the program to write data past the end of an allocated memory buffer, potentially leading to arbitrary code execution or system crash. The CVSS 3.1 score of 7.8 reflects local attack vector, low attack complexity, no privileges required, and user interaction required, with high impacts to confidentiality, integrity, and availability. AzeoTech has released DAQFactory Release 21.1 as a vendor fix. CISA recommends defense-in-depth measures including avoiding documents from untrusted sources, storing .ctl files in admin-writeable folders only, operating in Safe Mode when loading untrusted documents, and applying document editing passwords.
- Vendor
- AzeoTech
- Product
- DAQFactory
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-12-11
- Original CVE updated
- 2026-01-12
- Advisory published
- 2025-12-11
- Advisory updated
- 2026-01-12
Who should care
Organizations operating AzeoTech DAQFactory in industrial control system environments, particularly those processing untrusted document files or with multi-user access to .ctl configuration files. Asset owners in manufacturing, process control, and building automation sectors using DAQFactory for data acquisition and supervisory control should prioritize patching.
Technical summary
The vulnerability exists in DAQFactory release 20.7 (Build 2555) where an out-of-bounds write condition can be triggered, causing writes beyond allocated buffer boundaries. This memory safety defect may result in arbitrary code execution within the context of the application or cause denial of service through system crash. The attack requires local access and user interaction, suggesting exploitation via malicious document files.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to DAQFactory Release 21.1 per vendor fix guidance.
- Avoid opening documents from unknown or untrusted sources.
- Store .ctl files in directories with admin-only write permissions.
- Enable Safe Mode when loading documents that have been outside organizational control.
- Apply document editing passwords to protect document integrity.
- Review CISA ICS recommended practices for additional defense-in-depth strategies.
Evidence notes
Vendor and product identification derived from CSAF product tree with high confidence. Remediation guidance extracted from CSAF remediations section. CVSS vector confirmed via source references.
Official resources
-
CVE-2025-66590 CVE record
CVE.org
-
CVE-2025-66590 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published initial advisory ICSA-25-345-03 on December 11, 2025. Update A was issued on December 30, 2025, revising researcher attribution and removing CVE-2025-66584 and CVE-2025-66587 after analysis showed they duplicated other CVEs.