These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-66590 is a high-severity out-of-bounds write vulnerability in AzeoTech DAQFactory release 20.7 (Build 2555), published by CISA on December 11, 2025, with subsequent modifications through January 12, 2026. The vulnerability allows an attacker to cause the program to write data past the end of an allocated memory buffer, potentially leading to arbitrary code execution or system crash. The CVSS 3.1 [truncated]
AzeoTech DAQFactory release 20.7 (Build 2555) contains an out-of-bounds read vulnerability that can be exploited to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash. The vulnerability was published by CISA on December 11, 2025, and subsequently modified on January 12, 2026. AzeoTech has released DAQFactory Rele [truncated]
AzeoTech DAQFactory release 20.7 (Build 2555) contains an Access of Uninitialized Pointer vulnerability that can lead to arbitrary code execution. This vulnerability was disclosed by CISA on December 11, 2025, and subsequently modified on January 12, 2026. The CVSS 3.1 score of 7.8 (HIGH) reflects local attack vector with low attack complexity, no privileges required, but user interaction required. The vu [truncated]
AzeoTech DAQFactory release 20.7 (Build 2555) contains an Access of Resource Using Incompatible Type vulnerability that can be exploited to cause memory corruption when parsing specially crafted .ctl files. Successful exploitation could allow an attacker to execute code in the context of the current process. This vulnerability was disclosed by CISA on December 11, 2025, and subsequently updated on Decembe [truncated]
A Use After Free vulnerability in AzeoTech DAQFactory release 20.7 (Build 2555) allows memory corruption through parsing of malicious .ctl files, potentially enabling arbitrary code execution in the context of the current process. The vulnerability requires local access with user interaction, as an attacker must convince a user to open a specially crafted file. CISA published this advisory on December 11, [truncated]