Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-66586
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-11 Dec, 2025 | 20:54
Updated At-30 Dec, 2025 | 19:59
Rejected At-
▼CVE Numbering Authority (CNA)
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in AzeoTech DAQFactory

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.

Affected Products
Vendor
AzeoTech
Product
DAQFactory
Default Status
unaffected
Versions
Affected
  • From 0 through Release 20.7 (Build 2555) (custom)
Problem Types
TypeCWE IDDescription
CWECWE-843CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
Type: CWE
CWE ID: CWE-843
Description: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
Metrics
VersionBase scoreBase severityVector
4.07.3HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

AzeoTech has released the following update that addresses these issues: * DAQFactory: Release 21.1 AzeoTech also recommends users take the following actions to reduce the risk: * Users are discouraged from using documents from unknown/untrusted sources. * Users are encouraged to store .ctl files in a folder only writeable by admin-level users. * Users are encouraged to operate in “Safe Mode” when loading documents that have been out of their control. * Users are encouraged to apply a document editing password to their documents.

Configurations
Workarounds
Exploits
Credits
finder
Rocco Calvi (@TecR0c) with TecSecurity of Trend Zero Day Initiative
finder
Andrea Micalizzi (@rgod777) of Trend Zero Day Initiative
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03
government-resource
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03
Resource:
government-resource
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found