{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-66596","assignerOrgId":"7168b535-132a-4efe-a076-338f829b2eb9","state":"PUBLISHED","assignerShortName":"YokogawaGroup","dateReserved":"2025-12-05T05:04:18.582Z","datePublished":"2026-02-09T03:35:28.896Z","dateUpdated":"2026-02-09T19:05:44.946Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"FAST/TOOLS","vendor":"Yokogawa Electric Corporation","versions":[{"lessThanOrEqual":"R10.04","status":"affected","version":"R9.01","versionType":"custom"}]}],"datePublic":"2026-02-09T03:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.</p>\n\n<p>This product does not\nproperly validate request headers. When an attacker inserts an invalid host\nheader, users could be redirected to malicious sites.</p>\n\n<p>The\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04</p>"}],"value":"A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nproperly validate request headers. When an attacker inserts an invalid host\nheader, users could be redirected to malicious sites.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":6.9,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-601","description":"CWE-601 URL Redirection to Untrusted Site ('Open Redirect')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7168b535-132a-4efe-a076-338f829b2eb9","shortName":"YokogawaGroup","dateUpdated":"2026-02-09T03:35:28.896Z"},"references":[{"url":"https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-09T19:04:04.739597Z","id":"CVE-2025-66596","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-09T19:05:44.946Z"}}]}}