CVE-2025-66586— Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in AzeoTech DAQFactory
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-66586
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in AzeoTech DAQFactory
Source: NVD (National Vulnerability Database)
Vulnerability Description
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不兼容类型访问资源(类型混淆)
Source: NVD (National Vulnerability Database)
Vulnerability Title
AzeoTech DAQFactory 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AzeoTech DAQFactory是AzeoTech公司的一款轻松创建 HMI/SCADA 应用程序所需的工具。 AzeoTech DAQFactory 20.7版本存在安全漏洞,该漏洞源于解析特制.ctl文件时使用不兼容类型访问资源,可能导致内存损坏和执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AzeoTech | DAQFactory | 0 ~ Release 20.7 (Build 2555) | - |
II. Public POCs for CVE-2025-66586
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-66586
请登录查看更多情报信息。
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03government-resource
- https://nvd.nist.gov/vuln/detail/CVE-2025-66586
Same Patch Batch · AzeoTech · 2025-12-11 · 5 CVEs total
| CVE-2025-66590 | Out-of-bounds Write vulnerability in AzeoTech DAQFactory | |
| CVE-2025-66589 | Out-of-bounds Read vulnerability in AzeoTech DAQFactory | |
| CVE-2025-66585 | Use After Free vulnerability in AzeoTech DAQFactory | |
| CVE-2025-66588 | Access of Uninitialized Pointer vulnerability in AzeoTech DAQFactory |
IV. Related Vulnerabilities
Same product: DAQFactory
- CVE-2025-66585
Use After Free vulnerability in AzeoTech DAQFactory - CVE-2025-66588
Access of Uninitialized Pointer vulnerability in AzeoTech DA - CVE-2025-66589
Out-of-bounds Read vulnerability in AzeoTech DAQFactory - CVE-2025-66590
Out-of-bounds Write vulnerability in AzeoTech DAQFactory - CVE-2021-42698
AzeoTech DAQFactory
Same vendor: AzeoTech
- CVE-2025-66585
Use After Free vulnerability in AzeoTech DAQFactory - CVE-2025-66588
Access of Uninitialized Pointer vulnerability in AzeoTech DA - CVE-2025-66589
Out-of-bounds Read vulnerability in AzeoTech DAQFactory - CVE-2025-66590
Out-of-bounds Write vulnerability in AzeoTech DAQFactory - CVE-2021-42698
AzeoTech DAQFactory
V. Comments for CVE-2025-66586
No comments yet