ID

VAR-202512-0020


CVE

CVE-2025-66590


TITLE

AzeoTech DAQFactory CTL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-25-1130 // ZDI: ZDI-25-1129

DESCRIPTION

In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CTL files. An attacker can leverage this vulnerability to execute code in the context of the current process. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation. AzeoTech DAQFactory contains an out-of-bounds write vulnerability.

Trust: 3.33

sources: NVD: CVE-2025-66590 // ZDI: ZDI-25-1162 // ZDI: ZDI-25-1130 // ZDI: ZDI-25-1129 // CNVD: CNVD-2025-30861

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-30861

AFFECTED PRODUCTS

vendor: azeotech
model: daqfactory
scope: -
version: -

Trust: 2.1

vendor: azeotech
model: daqfactory release (build
scope: eq
version: 20.72555)

Trust: 0.6

sources: ZDI: ZDI-25-1162 // ZDI: ZDI-25-1130 // ZDI: ZDI-25-1129 // CNVD: CNVD-2025-30861

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2025-66590
value: HIGH

Trust: 2.1

ics-cert@hq.dhs.gov: CVE-2025-66590
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-30861
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-30861
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ZDI: CVE-2025-66590
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 2.1

sources: ZDI: ZDI-25-1162 // ZDI: ZDI-25-1130 // ZDI: ZDI-25-1129 // CNVD: CNVD-2025-30861 // NVD: CVE-2025-66590

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

sources: NVD: CVE-2025-66590

PATCH

title: AzeoTech has issued an update to correct this vulnerability.
url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03

Trust: 2.1

sources: ZDI: ZDI-25-1162 // ZDI: ZDI-25-1130 // ZDI: ZDI-25-1129

EXTERNAL IDS

db: NVD, id: CVE-2025-66590

Trust: 3.7

db: ICS CERT, id: ICSA-25-345-03

Trust: 1.6

db: ZDI_CAN, id: ZDI-CAN-26837

Trust: 0.7

db: ZDI, id: ZDI-25-1162

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-25512

Trust: 0.7

db: ZDI, id: ZDI-25-1130

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-27811

Trust: 0.7

db: ZDI, id: ZDI-25-1129

Trust: 0.7

db: CNVD, id: CNVD-2025-30861

Trust: 0.6

sources: ZDI: ZDI-25-1162 // ZDI: ZDI-25-1130 // ZDI: ZDI-25-1129 // CNVD: CNVD-2025-30861 // NVD: CVE-2025-66590

REFERENCES

url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03

Trust: 3.7

sources: ZDI: ZDI-25-1162 // ZDI: ZDI-25-1130 // ZDI: ZDI-25-1129 // CNVD: CNVD-2025-30861 // NVD: CVE-2025-66590

CREDITS

Rocco Calvi (@TecR0c) with TecSecurity

Trust: 1.4

sources: ZDI: ZDI-25-1162 // ZDI: ZDI-25-1129

SOURCES

db: ZDI, id: ZDI-25-1162
db: ZDI, id: ZDI-25-1130
db: ZDI, id: ZDI-25-1129
db: CNVD, id: CNVD-2025-30861
db: NVD, id: CVE-2025-66590

LAST UPDATE DATE

2025-12-20T19:39:02.502000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-25-1162, date: 2025-12-19T00:00:00
db: ZDI, id: ZDI-25-1130, date: 2025-12-17T00:00:00
db: ZDI, id: ZDI-25-1129, date: 2025-12-17T00:00:00
db: CNVD, id: CNVD-2025-30861, date: 2025-12-17T00:00:00
db: NVD, id: CVE-2025-66590, date: 2025-12-12T15:17:31.973

SOURCES RELEASE DATE

db: ZDI, id: ZDI-25-1162, date: 2025-12-19T00:00:00
db: ZDI, id: ZDI-25-1130, date: 2025-12-17T00:00:00
db: ZDI, id: ZDI-25-1129, date: 2025-12-17T00:00:00
db: CNVD, id: CNVD-2025-30861, date: 2025-12-17T00:00:00
db: NVD, id: CVE-2025-66590, date: 2025-12-11T21:15:58.233