{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-66590","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2025-12-04T21:11:02.201Z","datePublished":"2025-12-11T20:45:55.130Z","dateUpdated":"2026-06-04T20:36:34.829Z"},"containers":{"cna":{"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2026-06-04T20:36:34.829Z"},"title":"Out-of-bounds Write vulnerability in AzeoTech DAQFactory","datePublic":"2025-12-30T21:36:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-787","description":"CWE-787 Out-of-bounds Write","type":"CWE"}]}],"affected":[{"vendor":"AzeoTech","product":"DAQFactory","versions":[{"status":"affected","version":"0","lessThanOrEqual":"Release 20.7 (Build 2555)","versionType":"custom"},{"status":"unaffected","version":"Release 21.1"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"In AzeoTech DAQFactory release 20.7 (Build 2555), an out-of-bounds write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>In AzeoTech DAQFactory release 20.7 (Build 2555), an out-of-bounds write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.</p><br>\n\n<br>"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-345-03.json"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":8.4,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":7.8,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}],"solutions":[{"lang":"en","value":"AzeoTech has released the following update that addresses these issues:\n\n  *  DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n  *  Users are discouraged from using documents from unknown/untrusted sources.\n  *  Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n  *  Users are encouraged to operate in “Safe Mode” when loading documents that have been out of their control.\n  *  Users are encouraged to apply a document editing password to their documents.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>AzeoTech has released the following update that addresses these issues:</p><ul><li>DAQFactory: Release 21.1</li></ul><p>AzeoTech also recommends users take the following actions to reduce the risk:</p><ul><li>Users are discouraged from using documents from unknown/untrusted sources.</li><li>Users are encouraged to store .ctl files in a folder only writeable by admin-level users.</li><li>Users are encouraged to operate in “Safe Mode” when loading documents that have been out of their control.</li><li>Users are encouraged to apply a document editing password to their documents.</li></ul>\n\n<br>"}]}],"credits":[{"lang":"en","value":"Michael Heinzl","type":"finder"},{"lang":"en","value":"Rocco Calvi (@TecR0c) with TecSecurity of Trend Zero Day Initiative","type":"finder"},{"lang":"en","value":"Andrea Micalizzi (@rgod777) of Trend Zero Day Initiative","type":"finder"}],"source":{"advisory":"ICSA-25-345-03","discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-12T21:37:03.207098Z","id":"CVE-2025-66590","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-12T21:37:29.466Z"}}]}}