CVE-2025-66607 is a vulnerability classified under CWE-358 (Improperly Controlled Modification of Object Prototype Attributes) found in Yokogawa Electric Corporation's FAST/TOOLS software suite, specifically affecting versions from R9.01 through R10.04. The vulnerability arises due to an insecure setting in the HTTP response headers generated by the affected FAST/TOOLS packages (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB). This misconfiguration allows an attacker to manipulate the response headers to redirect users to malicious external websites without requiring authentication or user interaction. The attack vector is network-based (AV:N), but the attack complexity is high (AC:H), indicating that exploitation requires specific conditions or knowledge. The vulnerability impacts the integrity of user navigation by enabling forced redirection, which can be leveraged for phishing attacks, malware distribution, or further exploitation of client systems. The CVSS 4.0 base score is 6.3 (medium severity), reflecting limited impact on confidentiality and availability but a notable impact on integrity. No known exploits have been reported in the wild as of the publication date (February 9, 2026). The vulnerability affects critical industrial automation software widely used in process control environments, making it a concern for operational technology (OT) security. The lack of available patches at the time of reporting necessitates immediate mitigation through configuration hardening and monitoring.

For European organizations, especially those operating in industrial automation, energy, manufacturing, and critical infrastructure sectors, this vulnerability poses a risk of unauthorized redirection of users to malicious sites. Such redirections can lead to phishing attacks targeting employees or operators, potentially resulting in credential theft, malware infections, or unauthorized access to control systems. The integrity of operational processes could be compromised if attackers leverage redirection to deploy further attacks against OT environments. Although the vulnerability does not directly impact confidentiality or availability, the indirect effects of successful phishing or malware campaigns could lead to significant operational disruptions and data breaches. European industries with extensive use of Yokogawa FAST/TOOLS, particularly in Germany, France, the UK, Italy, and the Netherlands, face higher exposure due to the prevalence of industrial control systems and Yokogawa's market presence. The medium severity rating suggests that while the threat is not critical, it requires timely attention to prevent escalation.

1. Immediately review and harden HTTP response header configurations in FAST/TOOLS installations to prevent insecure redirection settings. 2. Implement strict Content Security Policy (CSP) headers and HTTP Strict Transport Security (HSTS) to limit the impact of malicious redirects. 3. Monitor network traffic and web server logs for unusual redirect patterns or unexpected external URL requests. 4. Restrict access to FAST/TOOLS web interfaces to trusted internal networks and VPNs to reduce exposure. 5. Educate users and operators about phishing risks associated with unexpected redirects and encourage reporting of suspicious activity. 6. Coordinate with Yokogawa Electric Corporation for timely patch releases and apply updates as soon as they become available. 7. Employ web application firewalls (WAFs) with rules to detect and block malicious redirection attempts targeting FAST/TOOLS. 8. Conduct regular security assessments and penetration testing focused on web interface vulnerabilities in industrial control systems. 9. Maintain an incident response plan tailored to OT environments to quickly address any exploitation attempts.