CVE-2025-66586 is a vulnerability classified under CWE-843 (Access of Resource Using Incompatible Type, or type confusion) affecting AzeoTech DAQFactory release 20.7 (Build 2555). The vulnerability arises during the parsing of .ctl files, which are configuration or control files used by DAQFactory for data acquisition and automation tasks. Due to improper handling of data types, specially crafted .ctl files can trigger memory corruption, potentially allowing an attacker to execute arbitrary code within the context of the DAQFactory process. The attack vector is local (AV:L), requiring the attacker to have local access to the system, but no privileges (PR:N) or authentication (AT:N) are needed. However, user interaction (UI:P) is required, meaning the victim must open or process the malicious .ctl file. The vulnerability impacts confidentiality, integrity, and availability at a high level (VC:H, VI:H, VA:H), indicating that successful exploitation could lead to full compromise of the affected process and potentially the host system. The CVSS 4.0 vector reflects a high complexity (AC:H) attack but no scope change (SC:N) or impact beyond the vulnerable component. No public exploits are known at this time, and no patches have been linked yet, indicating that mitigation relies on vendor updates and defensive controls. The vulnerability was reserved and published in December 2025 by ICS-CERT, highlighting its relevance to industrial control systems and critical infrastructure contexts where DAQFactory is commonly used.

For European organizations, especially those in industrial automation, manufacturing, and critical infrastructure sectors using AzeoTech DAQFactory, this vulnerability poses a significant risk. Successful exploitation could allow attackers to execute arbitrary code, leading to unauthorized control over data acquisition processes, manipulation of sensor data, disruption of automation workflows, or pivoting to other networked systems. This could result in operational downtime, safety hazards, data breaches, and loss of system integrity. Given DAQFactory's role in monitoring and controlling industrial processes, the impact extends beyond IT to physical processes, increasing potential safety and compliance risks. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate insider threats or attacks via social engineering. The absence of known exploits currently reduces immediate risk but also underscores the importance of proactive mitigation before exploit code becomes available.

1. Monitor AzeoTech's official channels for patches addressing CVE-2025-66586 and apply them promptly once released. 2. Restrict access to DAQFactory systems and .ctl files to trusted personnel only, employing strict access controls and least privilege principles. 3. Implement file integrity monitoring on .ctl files to detect unauthorized modifications or additions. 4. Educate users about the risks of opening untrusted .ctl files and enforce policies to prevent processing files from unknown sources. 5. Use application whitelisting and endpoint protection solutions to detect and block suspicious activities related to DAQFactory processes. 6. Network segmentation should isolate DAQFactory systems from broader enterprise networks to limit lateral movement in case of compromise. 7. Conduct regular security audits and vulnerability assessments focusing on industrial control systems and associated software. 8. Employ logging and monitoring to detect anomalous behavior indicative of exploitation attempts, such as unusual process executions or memory access patterns.