
CVE-2025-66585: CWE-416 Use After Free in AzeoTech DAQFactory

Severity: High
Tags: Vulnerability, CVE-2025-66585, cwe-416
Published: Thu Dec 11 2025 (12/11/2025, 20:56:16 UTC)
Source: CVE Database V5
Vendor/Project: AzeoTech
Product: DAQFactory

Description

In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.

AI-Powered Analysis

Last updated: 12/11/2025, 21:25:55 UTC

Technical Analysis

CVE-2025-66585 is a Use After Free (CWE-416) vulnerability identified in AzeoTech DAQFactory release 20.7 (Build 2555). The flaw arises during the parsing of specially crafted .ctl files, which are configuration or control files used by DAQFactory for data acquisition and automation tasks. The vulnerability allows an attacker to trigger memory corruption by exploiting the improper handling of memory that has already been freed. This memory corruption can be leveraged to execute arbitrary code within the context of the DAQFactory process, potentially leading to full compromise of the affected application. The vulnerability has a CVSS 4.0 base score of 7.3, indicating high severity. The attack vector is local (AV:L), requiring the attacker to have local access to the system and to convince a user to interact with a malicious .ctl file (UI:P). No privileges or authentication are required, which lowers the barrier to exploitation once local access is obtained. The vulnerability impacts confidentiality, integrity, and availability at a high level, meaning an attacker could steal sensitive data, manipulate system behavior, or cause denial of service. No patches or mitigations have been officially released at the time of publication, and no exploits are known to be in the wild. The vulnerability was assigned and published by ICS-CERT, highlighting its relevance to industrial control systems and critical infrastructure environments where DAQFactory is commonly deployed.

Potential Impact

For European organizations, especially those involved in industrial automation, manufacturing, and critical infrastructure, this vulnerability poses a significant risk. DAQFactory is widely used for data acquisition and control in industrial environments, and exploitation could lead to unauthorized code execution, potentially disrupting operations or causing safety hazards. The high impact on confidentiality, integrity, and availability means sensitive operational data could be exposed or altered, and system stability could be compromised. Given the local attack vector, insider threats or attackers who gain initial footholds through other means could leverage this vulnerability to escalate their control. The lack of current patches increases the urgency for risk mitigation. Disruptions could have cascading effects on supply chains and critical services, particularly in countries with large industrial bases.

Mitigation Recommendations

Until an official patch is released, European organizations should implement strict controls on the handling and transfer of .ctl files, including disabling automatic loading or parsing of untrusted .ctl files in DAQFactory. Employ application whitelisting and restrict local user permissions to minimize the risk of malicious file execution. Monitor systems for unusual activity related to DAQFactory processes and enforce network segmentation to limit local access to critical systems. Conduct user awareness training to prevent opening suspicious files. Additionally, maintain up-to-date backups and prepare incident response plans tailored to industrial control system environments. Once a patch becomes available, prioritize its deployment in all affected environments. Consider using endpoint detection and response (EDR) tools to detect potential exploitation attempts.


Technical Details

Data Version: 5.2
Assigner Short Name: icscert
Date Reserved: 2025-12-04T21:11:02.201Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 693b336622246175c6a2b866

Added to database: 12/11/2025, 9:11:02 PM

Last enriched: 12/11/2025, 9:25:55 PM

Last updated: 12/11/2025, 10:45:58 PM
