PatchSiren

CVE-2025-66608 Yokogawa CVE debrief

CVE-2025-66608 affects Yokogawa FAST/TOOLS and is rated HIGH with a CVSS v3.1 score of 7.5. According to the CISA CSAF advisory, the product does not adequately validate URLs, and maliciously crafted requests could allow unauthorized access to files on the web server. The supplied CVSS vector indicates network reachability, no privileges required, no user interaction, and high confidentiality impact. CISA published the advisory on 2026-02-10 and identified it as an initial republication of YSAR-26-0001-E.

Vendor: Yokogawa
Product: FAST/TOOLS
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-10
Original CVE updated: 2026-02-10
Advisory published: 2026-02-10
Advisory updated: 2026-02-10

Who should care

Organizations running Yokogawa FAST/TOOLS, especially OT/ICS operators, system administrators, and security teams responsible for web-facing or enterprise-reachable industrial control system assets.

Technical summary

The advisory describes a URL validation flaw in Yokogawa FAST/TOOLS. CISA states that an attacker could send maliciously crafted requests to gain unauthorized access to files on the web server. The provided CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, which aligns with a remotely reachable issue that requires no prior privileges or user interaction and can expose confidential data. The source material does not include exploit details or evidence of active exploitation.

Defensive priority

High

Recommended defensive actions

  • Update Yokogawa FAST/TOOLS to revision R10.04 and apply patch software CS_e12787, as recommended by Yokogawa.
  • After the patch is applied, apply R10.04 SP3.
  • Restrict access to FAST/TOOLS web interfaces to trusted management networks and enforce OT/ICS segmentation, firewalling, and whitelisting where appropriate.
  • Follow Yokogawa and CISA guidance for a broader security program, including patch management, antivirus, backups, hardening, and recovery planning.
  • Review web server access logs and related monitoring for abnormal or maliciously crafted requests targeting URL handling.

Evidence notes

Primary evidence comes from the CISA CSAF source item for ICSA-26-041-01, published and modified on 2026-02-10. The advisory text states that the product fails to adequately validate URLs and that malicious requests could grant unauthorized access to files on the web server. The supplied metadata also includes the CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N and Yokogawa remediation guidance to update to R10.04, apply CS_e12787, and then apply R10.04 SP3. The provided enrichment marks this CVE as not in KEV.

Official resources

CISA issued the advisory on 2026-02-10 as ICSA-26-041-01 and noted it as an initial republication of YSAR-26-0001-E.