
CVE-2025-66584: CWE-121 Stack-based Buffer Overflow in AzeoTech DAQFactory

Severity: High
Type: Vulnerability
Tags: CVE-2025-66584, cve, cve-2025-66584, cwe-121
Published: Thu Dec 11 2025 (12/11/2025, 20:58:53 UTC)
Source: CVE Database V5
Vendor/Project: AzeoTech
Product: DAQFactory

Description

CVE-2025-66584 is a high-severity stack-based buffer overflow vulnerability in AzeoTech DAQFactory version 20.7 (Build 2555). It arises from improper handling of specially crafted .ctl files, leading to memory corruption and potential arbitrary code execution within the context of the DAQFactory process. Exploitation requires local access with low attack complexity but demands user interaction. No known exploits are currently in the wild. European organizations using DAQFactory in industrial automation or data acquisition environments could face risks to system integrity and availability. Mitigation involves strict validation of .ctl files, restricting access to trusted users, and monitoring for anomalous process behavior. Countries with significant industrial automation sectors and DAQFactory deployments, such as Germany, France, and the UK, are most likely to be affected.

AI-Powered Analysis

Last updated: 12/11/2025, 21:26:08 UTC

Technical Analysis

CVE-2025-66584 identifies a stack-based buffer overflow vulnerability in AzeoTech DAQFactory release 20.7 (Build 2555), specifically triggered when parsing specially crafted .ctl files. DAQFactory is a software platform widely used for industrial data acquisition and control automation. The vulnerability stems from improper bounds checking on input data within these control files, allowing an attacker to overwrite the stack memory. This memory corruption can lead to arbitrary code execution within the context of the DAQFactory process, potentially enabling an attacker to execute malicious payloads, disrupt operations, or escalate further within the environment. The vulnerability has a CVSS 4.0 base score of 7.3, indicating high severity. The attack vector is local (AV:L), requiring the attacker to have local access to the system. The attack complexity is high (AC:H), meaning exploitation is non-trivial and requires specific conditions or crafted input. No privileges are required (PR:N), but user interaction (UI:P) is necessary, implying that the user must open or process the malicious .ctl file. The vulnerability impacts confidentiality, integrity, and availability at a high level (VC:H, VI:H, VA:H). There are no known public exploits or patches available at the time of publication, and the vulnerability was reserved and published in December 2025. The lack of patches emphasizes the need for immediate mitigation and monitoring. Given DAQFactory’s role in industrial control and data acquisition, exploitation could disrupt critical infrastructure or industrial processes.

Potential Impact

For European organizations, especially those involved in industrial automation, manufacturing, and critical infrastructure, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized code execution, potentially disrupting data acquisition processes, corrupting operational data, or causing system downtime. This could impact operational continuity, safety systems, and data integrity. Confidentiality of sensitive operational data could also be compromised if attackers leverage this vulnerability to move laterally or exfiltrate information. The requirement for local access and user interaction limits remote exploitation but does not eliminate risk, particularly in environments where users handle .ctl files frequently or where insider threats exist. The absence of patches increases exposure time, necessitating proactive defenses. Disruptions in industrial environments could have cascading effects on supply chains and service delivery across Europe.

Mitigation Recommendations

1. Restrict access to DAQFactory systems and .ctl files to trusted and authorized personnel only, minimizing the risk of malicious file introduction.
2. Implement strict file validation and scanning mechanisms for .ctl files before processing, using sandboxing or automated static analysis tools to detect malformed inputs.
3. Employ application whitelisting and process monitoring to detect anomalous behavior indicative of exploitation attempts.
4. Isolate DAQFactory systems from general user networks to reduce the likelihood of local attacker presence.
5. Educate users on the risks of opening untrusted .ctl files and enforce policies to avoid processing files from unknown sources.
6. Monitor vendor communications closely for patches or updates and apply them promptly once available.
7. Consider deploying host-based intrusion detection systems (HIDS) tailored to detect buffer overflow exploitation patterns.
8. Regularly back up critical configuration and operational data to enable rapid recovery in case of compromise.


Technical Details

Data Version: 5.2
Assigner Short Name: icscert
Date Reserved: 2025-12-04T21:11:02.200Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 693b336622246175c6a2b863

Added to database: 12/11/2025, 9:11:02 PM

Last enriched: 12/11/2025, 9:26:08 PM

Last updated: 12/11/2025, 10:14:12 PM
