Sign-up

ID

VAR-202512-0021


CVE

CVE-2025-66584


TITLE

AzeoTech DAQFactory Stack Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-30856

DESCRIPTION

In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation. AzeoTech DAQFactory contains a stack buffer overflow vulnerability

Trust: 1.44

sources: NVD: CVE-2025-66584 // CNVD: CNVD-2025-30856

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-30856

AFFECTED PRODUCTS

vendor:azeotechmodel:daqfactory release (buildscope:eqversion:20.72555)

Trust: 0.6

sources: CNVD: CNVD-2025-30856

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2025-66584
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-30856
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-30856
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2025-30856 // NVD: CVE-2025-66584

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2025-66584

EXTERNAL IDS

db:NVDid:CVE-2025-66584

Trust: 1.6

db:ICS CERTid:ICSA-25-345-03

Trust: 1.6

db:CNVDid:CNVD-2025-30856

Trust: 0.6

sources: CNVD: CNVD-2025-30856 // NVD: CVE-2025-66584

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03

Trust: 1.6

sources: CNVD: CNVD-2025-30856 // NVD: CVE-2025-66584

SOURCES

db:CNVDid:CNVD-2025-30856
db:NVDid:CVE-2025-66584

LAST UPDATE DATE

2025-12-20T19:39:02.662000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-30856date:2025-12-17T00:00:00
db:NVDid:CVE-2025-66584date:2025-12-12T15:17:31.973

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-30856date:2025-12-17T00:00:00
db:NVDid:CVE-2025-66584date:2025-12-11T21:15:57.263