PatchSiren

CVE-2025-66604 Yokogawa CVE debrief

CVE-2025-66604 is a low-severity information disclosure issue in Yokogawa FAST/TOOLS. The advisory says the library version could be displayed on a web page, which could then be used by an attacker to support other attacks. CISA published the advisory on 2026-02-10 as ICSA-26-041-01.

Vendor: Yokogawa
Product: FAST/TOOLS
CVSS: LOW 3.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-10
Original CVE updated: 2026-02-10
Advisory published: 2026-02-10
Advisory updated: 2026-02-10

Who should care

Operators and administrators of Yokogawa FAST/TOOLS deployments, especially industrial control system environments exposing the web interface, should review whether the affected product and version are in use and apply vendor guidance.

Technical summary

The source advisory describes a web-facing information disclosure condition: the application may reveal a library version on a page. By itself, the issue does not indicate direct code execution or service disruption, but version exposure can help an attacker identify a target’s software stack and tailor subsequent attacks. The advisory assigns the CVSS 3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, which yields a base score of 3.1 (LOW).

Defensive priority

Low for immediate impact, but worth addressing during normal maintenance because the issue is publicly disclosed and the vendor provides a specific fixed revision and patch sequence.

Recommended defensive actions

  • Update to revision R10.04 and apply patch software CS_e12787.
  • After the patch is applied, apply R10.04 SP3.
  • Review whether the FAST/TOOLS web interface exposes unnecessary version or diagnostic information.
  • Follow Yokogawa’s broader security program guidance, including patching, antivirus, backup and recovery, zoning, hardening, whitelisting, and firewalls.
  • Use Yokogawa’s contact channel for product-specific remediation questions.

Evidence notes

The source corpus states: “The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks.” It also lists the vendor remediation path to R10.04, CS_e12787, and R10.04 SP3. The CVSS vector provided in the advisory is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N.

Official resources

Publicly disclosed by CISA on 2026-02-10 in ICSA-26-041-01, which the source notes is an initial republication of YSAR-26-0001-E.