
CVE-2025-66586: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in AzeoTech DAQFactory

Severity: High
Type: Vulnerability
Tags: CVE-2025-66586, cve, cve-2025-66586, cwe-843
Published: Thu Dec 11 2025 (12/11/2025, 20:54:38 UTC)
Source: CVE Database V5
Vendor/Project: AzeoTech
Product: DAQFactory

Description

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.

AI-Powered Analysis

Last updated: 12/11/2025, 22:41:22 UTC

Technical Analysis

CVE-2025-66586 is a type confusion vulnerability classified under CWE-843 found in AzeoTech DAQFactory release 20.7 (Build 2555). The vulnerability arises when the software parses specially crafted .ctl files, which are configuration or control files used by DAQFactory. Due to improper handling of resource types during parsing, an attacker can cause memory corruption. This memory corruption can be leveraged to execute arbitrary code within the context of the DAQFactory process, potentially allowing full control over the affected application. The vulnerability requires local access (attack vector: local), has high attack complexity, and does not require privileges or authentication, but does require user interaction (e.g., opening or loading a malicious .ctl file). The CVSS 4.0 vector indicates high impact on confidentiality, integrity, and availability, with no scope change. No patches have been published yet, and no known exploits are reported in the wild. DAQFactory is widely used in industrial automation and data acquisition systems, making this vulnerability particularly concerning for operational technology environments. The flaw could be exploited by an insider or through social engineering to trick users into loading malicious files, leading to potential disruption or takeover of critical monitoring and control systems.

Potential Impact

For European organizations, especially those in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability could lead to severe consequences. Exploitation could result in unauthorized code execution, allowing attackers to manipulate data acquisition processes, disrupt operations, or exfiltrate sensitive information. This threatens confidentiality, integrity, and availability of industrial control systems. Given DAQFactory’s role in monitoring and controlling physical processes, successful exploitation could cause operational downtime, safety hazards, or financial losses. The requirement for local access and user interaction somewhat limits remote exploitation but insider threats or phishing attacks could facilitate exploitation. The lack of available patches increases exposure time. Organizations relying on DAQFactory for critical monitoring should consider this vulnerability a significant risk to their operational technology security posture.

Mitigation Recommendations

1. Restrict access to DAQFactory .ctl files to trusted users only and implement strict file integrity monitoring to detect unauthorized modifications.
2. Educate users on the risks of opening untrusted or unsolicited .ctl files to reduce the likelihood of social engineering attacks.
3. Employ application whitelisting and sandboxing techniques to limit the impact of potential code execution within DAQFactory.
4. Monitor system and application logs for unusual behavior indicative of exploitation attempts.
5. Coordinate with AzeoTech for timely patch deployment once available and apply updates promptly.
6. Consider network segmentation to isolate DAQFactory systems from general IT networks, reducing attack surface.
7. Implement endpoint detection and response (EDR) solutions capable of detecting memory corruption or exploitation behaviors.
8. Conduct regular security assessments and penetration testing focused on industrial control systems to identify and remediate vulnerabilities proactively.


Technical Details

Data Version: 5.2
Assigner Short Name: icscert
Date Reserved: 2025-12-04T21:11:02.201Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 693b450222246175c6a639eb

Added to database: 12/11/2025, 10:26:10 PM

Last enriched: 12/11/2025, 10:41:22 PM

Last updated: 12/11/2025, 11:33:52 PM
