ID

VAR-202512-0019


CVE

CVE-2025-66589


TITLE

AzeoTech DAQFactory CTL File Parsing Memory Corruption Remote Code Execution Vulnerability

Trust: 4.2

sources: ZDI: ZDI-25-1161 // ZDI: ZDI-25-1160 // ZDI: ZDI-25-1159 // ZDI: ZDI-25-1158 // ZDI: ZDI-25-1157 // ZDI: ZDI-25-1156

DESCRIPTION

In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CTL files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation. AzeoTech DAQFactory contains an out-of-bounds read vulnerability.

Trust: 5.22

sources: NVD: CVE-2025-66589 // ZDI: ZDI-25-1161 // ZDI: ZDI-25-1160 // ZDI: ZDI-25-1159 // ZDI: ZDI-25-1158 // ZDI: ZDI-25-1157 // ZDI: ZDI-25-1156 // CNVD: CNVD-2025-30860

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-30860

AFFECTED PRODUCTS

vendor: azeotech model: daqfactory scope: - version: -

Trust: 4.2

vendor: azeotech model: daqfactory release (build scope: eq version: 20.72555)

Trust: 0.6

sources: ZDI: ZDI-25-1161 // ZDI: ZDI-25-1160 // ZDI: ZDI-25-1159 // ZDI: ZDI-25-1158 // ZDI: ZDI-25-1157 // ZDI: ZDI-25-1156 // CNVD: CNVD-2025-30860

CVSS

SEVERITY

ZDI: CVE-2025-66589
value: HIGH

Trust: 4.2

ics-cert@hq.dhs.gov: CVE-2025-66589
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-30860
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-30860
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

ZDI: CVE-2025-66589
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 4.2

sources: ZDI: ZDI-25-1161 // ZDI: ZDI-25-1160 // ZDI: ZDI-25-1159 // ZDI: ZDI-25-1158 // ZDI: ZDI-25-1157 // ZDI: ZDI-25-1156 // CNVD: CNVD-2025-30860 // NVD: CVE-2025-66589

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.0

sources: NVD: CVE-2025-66589

PATCH

title: AzeoTech has issued an update to correct this vulnerability. url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03

Trust: 4.2

sources: ZDI: ZDI-25-1161 // ZDI: ZDI-25-1160 // ZDI: ZDI-25-1159 // ZDI: ZDI-25-1158 // ZDI: ZDI-25-1157 // ZDI: ZDI-25-1156

EXTERNAL IDS

db: NVD id: CVE-2025-66589

Trust: 5.8

db: ICS CERT id: ICSA-25-345-03

Trust: 1.6

db: ZDI_CAN id: ZDI-CAN-26840

Trust: 0.7

db: ZDI id: ZDI-25-1161

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-26836

Trust: 0.7

db: ZDI id: ZDI-25-1160

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-26835

Trust: 0.7

db: ZDI id: ZDI-25-1159

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-25521

Trust: 0.7

db: ZDI id: ZDI-25-1158

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-25511

Trust: 0.7

db: ZDI id: ZDI-25-1157

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-25510

Trust: 0.7

db: ZDI id: ZDI-25-1156

Trust: 0.7

db: CNVD id: CNVD-2025-30860

Trust: 0.6

sources: ZDI: ZDI-25-1161 // ZDI: ZDI-25-1160 // ZDI: ZDI-25-1159 // ZDI: ZDI-25-1158 // ZDI: ZDI-25-1157 // ZDI: ZDI-25-1156 // CNVD: CNVD-2025-30860 // NVD: CVE-2025-66589

REFERENCES

url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03

Trust: 5.8

sources: ZDI: ZDI-25-1161 // ZDI: ZDI-25-1160 // ZDI: ZDI-25-1159 // ZDI: ZDI-25-1158 // ZDI: ZDI-25-1157 // ZDI: ZDI-25-1156 // CNVD: CNVD-2025-30860 // NVD: CVE-2025-66589

CREDITS

Rocco Calvi (@TecR0c) with TecSecurity

Trust: 2.1

sources: ZDI: ZDI-25-1161 // ZDI: ZDI-25-1160 // ZDI: ZDI-25-1159

SOURCES

db: ZDI id: ZDI-25-1161
db: ZDI id: ZDI-25-1160
db: ZDI id: ZDI-25-1159
db: ZDI id: ZDI-25-1158
db: ZDI id: ZDI-25-1157
db: ZDI id: ZDI-25-1156
db: CNVD id: CNVD-2025-30860
db: NVD id: CVE-2025-66589

LAST UPDATE DATE

2025-12-20T19:39:02.534000+00:00


SOURCES UPDATE DATE

db: ZDI id: ZDI-25-1161 date: 2025-12-19T00:00:00
db: ZDI id: ZDI-25-1160 date: 2025-12-19T00:00:00
db: ZDI id: ZDI-25-1159 date: 2025-12-19T00:00:00
db: ZDI id: ZDI-25-1158 date: 2025-12-19T00:00:00
db: ZDI id: ZDI-25-1157 date: 2025-12-19T00:00:00
db: ZDI id: ZDI-25-1156 date: 2025-12-19T00:00:00
db: CNVD id: CNVD-2025-30860 date: 2025-12-17T00:00:00
db: NVD id: CVE-2025-66589 date: 2025-12-12T15:17:31.973

SOURCES RELEASE DATE

db: ZDI id: ZDI-25-1161 date: 2025-12-19T00:00:00
db: ZDI id: ZDI-25-1160 date: 2025-12-19T00:00:00
db: ZDI id: ZDI-25-1159 date: 2025-12-19T00:00:00
db: ZDI id: ZDI-25-1158 date: 2025-12-19T00:00:00
db: ZDI id: ZDI-25-1157 date: 2025-12-19T00:00:00
db: ZDI id: ZDI-25-1156 date: 2025-12-19T00:00:00
db: CNVD id: CNVD-2025-30860 date: 2025-12-17T00:00:00
db: NVD id: CVE-2025-66589 date: 2025-12-11T21:15:58.073