PatchSiren cyber security CVE debrief

CVE-2025-66595 Yokogawa CVE debrief

CVE-2025-66595 affects Yokogawa FAST/TOOLS and was publicly republished by CISA on 2026-02-10 as ICSA-26-041-01. The advisory says the product is vulnerable to cross-site request forgery (CSRF) and that a crafted link could compromise a user's account. The supplied CVSS vector rates the issue 5.3/Medium, and the vendor remediation path is to move to R10.04, apply patch software CS_e12787, then apply R10.04 SP3.

Vendor: Yokogawa
Product: FAST/TOOLS
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-10
Original CVE updated: 2026-02-10
Advisory published: 2026-02-10
Advisory updated: 2026-02-10

Who should care

Organizations running Yokogawa FAST/TOOLS, especially OT/ICS teams, system administrators, patch managers, and any environment where users access the product through a browser or web session.

Technical summary

This is a CSRF weakness, mapped in the advisory references to CWE-352. In practical terms, an attacker may induce an authenticated user to submit unintended actions through a crafted link or similar request flow, creating account-compromise risk. The supplied advisory text emphasizes crafted-link delivery, while the supplied CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Defensive priority

Medium priority overall, with higher urgency if FAST/TOOLS is exposed to broader user access, administrative workflows, or externally reachable interfaces. Apply vendor remediation promptly because the issue can affect account integrity.

Recommended defensive actions

  • Update Yokogawa FAST/TOOLS to revision R10.04.
  • Apply patch software CS_e12787 as directed by the vendor.
  • After the patch is applied, apply R10.04 SP3.
  • Review which users can reach FAST/TOOLS web interfaces and limit access to trusted administrative networks where possible.
  • Follow CISA ICS recommended practices and Yokogawa's broader security program guidance, including patch management, hardening, zoning, firewalls, and whitelisting.
  • Validate affected installations and change-control steps against the CISA advisory and vendor instructions before deployment.

Evidence notes

Grounded in the supplied CISA CSAF source item for ICSA-26-041-01 and its linked official references. The source metadata identifies Yokogawa FAST/TOOLS, describes a CSRF issue, and lists the vendor remediation sequence R10.04 -> CS_e12787 -> R10.04 SP3. The supplied references also include CWE-352, the CVE record, CISA advisory page, and CISA ICS guidance resources. No KEV listing or ransomware linkage is present in the supplied corpus.

Official resources

Publicly disclosed in CISA advisory ICSA-26-041-01 on 2026-02-10; the supplied timeline uses the advisory publication/republication date.