CVE-2025-66588
Published 2025-12-11
CVE-2025-66588: In AzeoTech DAQFactory release 20.7 (Build 2555), an access of uninitialized pointer vulnerability can be exploited by an attacker which can lead to arbitrary…
Priority: P3 57 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.24% (15.2th percentile)
In AzeoTech DAQFactory release 20.7 (Build 2555), an access of uninitialized pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| azeotech | daqfactory | < 21.1 | 21.1 |
| azeotech | daqfactory | <= Release 20.7 (Build 2555) | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.4 | HIGH | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
AzeoTech DAQFactory up to 20.7 uninitialized pointer (icsa-25-345-03)
vuldb·2026-06-05·CVSS 8.4
CVE-2025-66588 [HIGH] AzeoTech DAQFactory up to 20.7 uninitialized pointer (icsa-25-345-03)
A vulnerability, which was classified as problematic, has been found in AzeoTech DAQFactory up to 20.7. The impacted element is an unknown function. Performing a manipulation results in uninitialized pointer.
This vulnerability is reported as CVE-2025-66588. The attack requires a local approach. No exploit exists.
GHSA
GHSA-3325-4gjp-wgf5: In AzeoTech DAQFactory release 20
ghsa_unreviewed·2025-12-11
CVE-2025-66588 [HIGH] CWE-824 GHSA-3325-4gjp-wgf5: In AzeoTech DAQFactory release 20
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.
CISA ICS
AzeoTech DAQFactory (Update A)
cisa_ics·2025-12-30·CVSS 7.8
[HIGH] AzeoTech DAQFactory (Update A)
ICS Advisory
## AzeoTech DAQFactory (Update A)
Last Revised: December 30, 2025
Alert Code: ICSA-25-345-03
## Summary
Successful exploitation of these vulnerabilities requires an attacker to upload a malicious .ctl file. This could lead to information disclosure or arbitrary code execution.
The following versions of AzeoTech DAQFactory are affected:
- DAQFactory (CVE-2025-66590, CVE-2025-66589, CVE-2025-66588, CVE-2025-66586, CVE-2025-66585)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 7.8 | AzeoTech | AzeoTech DAQFactory | Out-of-bounds Write, Out-of-bounds Read, Access of Uninitialized Pointer, Access of Resource Using Incompatible Type ('Type Confusion'), Use After |
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-66586 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-66586 [HIGH] CVE-2025-66586 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66586: AzeoTech DAQFactory vulnerability analysis and mitigation
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Source: NVD
Score: 7.3
Published December 11, 2025
Severity HIGH
CNA Score 7.3
Affected Technologies
AzeoTech DAQFactory
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:azeotech:daqfactory
Sources
Windows Severity HIGH Has Fix Added at: Jan 03,
Wiz
CVE-2025-66589 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-66589 [HIGH] CVE-2025-66589 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66589: AzeoTech DAQFactory vulnerability analysis and mitigation
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash.
Source: NVD
Score: 8.4
Published December 11, 2025
Severity HIGH
CNA Score 8.4
Affected Technologies
AzeoTech DAQFactory
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:azeotech:daqfactory
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 03, 2026
Wiz
CVE-2025-66585 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-66585 [HIGH] CVE-2025-66585 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66585: AzeoTech DAQFactory vulnerability analysis and mitigation
In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Source: NVD
Score: 7.3
Published December 11, 2025
Severity HIGH
CNA Score 7.3
Affected Technologies
AzeoTech DAQFactory
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:azeotech:daqfactory
Sources
Windows Severity HIGH Has Fix Added at: Jan 03, 2026
Wiz
CVE-2025-66590 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-66590 [HIGH] CVE-2025-66590 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66590: AzeoTech DAQFactory vulnerability analysis and mitigation
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.
Source: NVD
Score: 8.4
Published December 11, 2025
Severity HIGH
CNA Score 8.4
Affected Technologies
AzeoTech DAQFactory
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:azeotech:daqfactory
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 03, 2026
Wiz
CVE-2025-66588 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-66588 [HIGH] CVE-2025-66588 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66588: AzeoTech DAQFactory vulnerability analysis and mitigation
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.
Source: NVD
Score: 8.4
Published December 11, 2025
Severity HIGH
CNA Score 8.4
Affected Technologies
AzeoTech DAQFactory
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:azeotech:daqfactory
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 03, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 04, 2026