CVE-2025-66585: CWE-416 Use After Free in AzeoTech DAQFactory
In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
AI Analysis
Technical Summary
CVE-2025-66585 is a Use After Free vulnerability, classified under CWE-416, found in AzeoTech DAQFactory release 20.7 (Build 2555). The flaw occurs during the parsing of .ctl files, which are configuration or control files used by DAQFactory for data acquisition and automation tasks. When a specially crafted .ctl file is processed, the software improperly manages memory, freeing an object prematurely and subsequently accessing it. This leads to memory corruption, which an attacker can leverage to execute arbitrary code within the context of the DAQFactory process. The vulnerability requires local access with user interaction, indicating that an attacker must trick a user into opening or processing a malicious .ctl file. The CVSS 4.0 vector indicates a local attack vector, high attack complexity, no privileges required, user interaction needed, and high impact on confidentiality, integrity, and availability. Although no known exploits are currently in the wild, the potential for code execution makes this a serious threat. DAQFactory is commonly used in industrial control systems and data acquisition environments, making this vulnerability particularly relevant to operational technology sectors. The absence of available patches at the time of publication increases the urgency for mitigation through alternative controls.
Potential Impact
The vulnerability allows an attacker to execute arbitrary code within the DAQFactory process, potentially compromising the confidentiality, integrity, and availability of data acquisition and control systems. For European organizations, especially those in industrial automation, manufacturing, and critical infrastructure sectors, exploitation could lead to unauthorized control of industrial processes, data manipulation, or disruption of operations. This could result in operational downtime, safety hazards, intellectual property theft, and regulatory non-compliance. Given DAQFactory’s role in monitoring and controlling physical processes, successful exploitation could have cascading effects on supply chains and critical services. The requirement for local access and user interaction somewhat limits the attack surface but does not eliminate risk, particularly in environments where users handle .ctl files regularly or where insider threats exist.
Mitigation Recommendations
1. Immediately restrict access to DAQFactory .ctl files to trusted users only and monitor file transfers involving these files.
2. Implement strict application whitelisting to prevent execution of unauthorized or suspicious files within environments running DAQFactory.
3. Employ memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce exploitation success.
4. Educate users on the risks of opening untrusted .ctl files and enforce policies to avoid processing files from unknown sources.
5. Monitor DAQFactory process behavior for anomalies indicative of exploitation attempts, including unexpected memory usage or crashes.
6. Coordinate with AzeoTech for timely patch deployment once available and test patches in controlled environments before production rollout.
7. Use network segmentation to isolate DAQFactory systems from general IT networks to limit lateral movement in case of compromise.
8. Maintain up-to-date backups of configuration files and system states to enable recovery from potential attacks.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2025-12-04T21:11:02.201Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 693b336622246175c6a2b866
Added to database: 12/11/2025, 9:11:02 PM
Last enriched: 12/31/2025, 12:00:41 AM
Last updated: 2/7/2026, 7:58:58 AM