CVE-2025-66585

7.8 HIGH

📋 TL;DR

A use-after-free in the .ctl file parser of AzeoTech DAQFactory lets an attacker who can get a user to open a crafted .ctl file run code with that user's privileges. This affects DAQFactory 20.7 Build 2555 on Windows wherever .ctl files from untrusted sources are opened. Because DAQFactory typically sits on engineering workstations and HMIs, successful exploitation can give an attacker a foothold on the control network.

💻 Affected Systems

Products:
  • AzeoTech DAQFactory
Versions: 20.7 Build 2555
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing specially crafted .ctl files, which are configuration files used by DAQFactory.

📦 What is this software?

DAQFactory is AzeoTech's Windows data-acquisition and HMI/SCADA application, used to read, log and display data from instruments and PLCs and to run control logic. The .ctl file is the document DAQFactory opens; it carries the project's configuration, screens and scripting, which is why a crafted one reaches the vulnerable parser.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Code execution with the privileges of the account that opened the crafted .ctl file. Where DAQFactory runs elevated or as a SYSTEM-level service on an engineering workstation or HMI, this becomes full host compromise, with the process network reachable for data theft and lateral movement.

🟠

Likely Case

Code execution in the context of the DAQFactory process after a user opens a crafted .ctl file, giving the attacker the same access to connected instruments, PLCs and logged data that the application has. On its own this is not a privilege escalation; it is a user-level foothold on a system that talks to the control network.

🟢

If Mitigated

If exploit mitigations (DEP/ASLR, application control, EDR) stop the payload, the memory corruption still crashes DAQFactory, a denial of service that interrupts data acquisition and any control logic the document runs.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. No public exploits available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 20.8 or later

Vendor Advisory: https://www.azeotech.com/support/security-advisories/

Restart Required: Yes

Instructions:

1. Download latest DAQFactory version from vendor website
2. Run installer with administrative privileges
3. Restart all DAQFactory services and applications

🔧 Temporary Workarounds

Restrict .ctl file handling

windows

.ctl files are opened by DAQFactory rather than executed, so block them at the delivery points instead: filter .ctl attachments in mail, restrict downloads on engineering workstations, and open only files from a controlled project repository. Add file integrity monitoring on the directories that hold production .ctl files so unexpected replacements are visible.

Application whitelisting

windows

Run the DAQFactory hosts under application control (WDAC or AppLocker) in a mode that blocks unsigned executables and scripts, so a payload dropped after exploitation cannot run, and restrict who may launch DAQFactory at all.

🧯 If You Can't Patch

  • Implement strict access controls to prevent untrusted users from uploading or modifying .ctl files
  • Deploy endpoint detection and response (EDR) on DAQFactory hosts and alert on post-exploitation behaviour from the DAQFactory process: spawned command interpreters or script hosts, unexpected outbound connections, and writes to startup or scheduled-task locations

🔍 How to Verify

Check if Vulnerable:

Check DAQFactory version in Help > About menu. If version is 20.7 Build 2555, system is vulnerable.

Check Version:

No command-line version switch is documented; use Help > About. For fleet checks, the same version string is recorded under the Windows Uninstall registry keys (what Programs and Features displays) and in the file version properties of the DAQFactory executable.

Verify Fix Applied:

Verify version is 20.8 or later in Help > About menu and test .ctl file parsing functionality.
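A scripted form of the check above, to run on each DAQFactory host. This is an added example for this page, not an AzeoTech tool. It assumes the installer registers a DisplayName containing "DAQFactory" under the standard Uninstall keys with a DisplayVersion such as "20.7 Build 2555" or "20.7.2555", and that the main executable is DAQFactory.exe; none of those details come from the advisory, so adjust them if your installation differs.

```powershell
# Added example for this advisory, not an AzeoTech tool. Reads the installed
# DAQFactory version from the Uninstall registry keys and compares it with the
# fixed release (20.8) named in the advisory.
# Assumptions (not from the advisory): DisplayName contains "DAQFactory",
# DisplayVersion looks like "20.7 Build 2555" or "20.7.2555", and the main
# executable is DAQFactory.exe.

$affectedVersion = [version]'20.7'
$affectedBuild   = 2555
$fixedVersion    = [version]'20.8'

$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installs = Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*DAQFactory*' }

if (-not $installs) {
    Write-Output 'No DAQFactory entry found under the Uninstall keys.'
    return
}

foreach ($app in $installs) {
    $raw = [string]$app.DisplayVersion
    # Accept "20.7 Build 2555", "20.7.2555" or plain "20.7".
    $m = [regex]::Match($raw, '^\s*(\d+)\.(\d+)(?:[\s.]+(?:Build\s*)?(\d+))?')
    if (-not $m.Success) {
        Write-Output ("{0}: unparseable DisplayVersion '{1}', check Help > About" -f $app.DisplayName, $raw)
        continue
    }
    $ver   = [version]('{0}.{1}' -f $m.Groups[1].Value, $m.Groups[2].Value)
    $build = if ($m.Groups[3].Success) { [int]$m.Groups[3].Value } else { $null }

    # Cross-check against the executable's file version when the install path is recorded.
    $exeVersion = $null
    if ($app.InstallLocation) {
        $exe = Join-Path $app.InstallLocation 'DAQFactory.exe'   # assumed executable name
        if (Test-Path $exe) { $exeVersion = (Get-Item $exe).VersionInfo.FileVersion }
    }

    if ($ver -ge $fixedVersion) {
        $status = 'FIXED (20.8 or later)'
    }
    elseif ($ver -eq $affectedVersion -and ($null -eq $build -or $build -eq $affectedBuild)) {
        $status = 'VULNERABLE (advisory build 20.7 / 2555)'
    }
    else {
        # Older releases are not assessed by the advisory; treat them as unpatched.
        $status = 'OLDER THAN FIX, treat as vulnerable'
    }

    [pscustomobject]@{
        Product    = $app.DisplayName
        Registry   = $raw
        ExeVersion = $exeVersion
        Status     = $status
    }
}
```

Run it elevated so both the 64-bit and WOW6432Node keys are readable, and treat "unparseable" or a missing ExeVersion as a prompt to confirm in Help > About rather than as a pass.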

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected .ctl file access from unusual locations
  • Process creation from DAQFactory with unusual parameters

Network Indicators:

  • File transfers of .ctl files to DAQFactory systems
  • Unusual network connections originating from DAQFactory process

SIEM Query:

Event 1000 (Application log, source "Application Error") records the crash; the faulting application name and the exception code appear in the event message, not in the Source field, and 1001 is the matching Windows Error Reporting record. In pseudo-SIEM syntax:

(EventID=1000 OR EventID=1001) AND Message LIKE '%DAQFactory%' AND (Message LIKE '%0xc0000005%' OR Message LIKE '%0xc0000374%')

0xc0000005 is STATUS_ACCESS_VIOLATION and 0xc0000374 is STATUS_HEAP_CORRUPTION, the two codes a triggered use-after-free most often leaves behind. Correlate any hit with the .ctl file opened just before the crash and with process creation from the DAQFactory process.
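The same hunt run locally on a DAQFactory host, as an added example for this page (not vendor or page-original code). It queries Event 1000 from the Application log, extracts the exception code, faulting module and application path from the message text, and flags the access-violation and heap-corruption codes. It assumes the process is named DAQFactory.exe, so the message line reads "Faulting application name: DAQFactory.exe, ..."; that name is not stated in the advisory.

```powershell
# Added example for this advisory, not vendor or page-original code.
# Pulls Application-log crash events for DAQFactory and flags the exception
# codes a use-after-free typically produces:
#   0xc0000005  STATUS_ACCESS_VIOLATION
#   0xc0000374  STATUS_HEAP_CORRUPTION
# Assumption (not in the advisory): the process is named DAQFactory.exe.

$lookbackDays = 30
$memoryCorruptionCodes = @('0xc0000005', '0xc0000374')

$filter = @{
    LogName   = 'Application'
    Id        = 1000                       # source "Application Error"
    StartTime = (Get-Date).AddDays(-$lookbackDays)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$crashes = foreach ($ev in $events) {
    $msg = $ev.Message
    if ($msg -notmatch 'Faulting application name:\s*DAQFactory') { continue }

    # Each field sits on its own line of the Event 1000 message.
    $code   = if ($msg -match 'Exception code:\s*(0x[0-9a-fA-F]+)')       { $Matches[1].ToLower() } else { 'unknown' }
    $module = if ($msg -match 'Faulting module name:\s*([^,\r\n]+)')       { $Matches[1].Trim() }    else { 'unknown' }
    $path   = if ($msg -match 'Faulting application path:\s*([^\r\n]+)')   { $Matches[1].Trim() }    else { 'unknown' }

    [pscustomobject]@{
        Time             = $ev.TimeCreated
        Computer         = $ev.MachineName
        ExceptionCode    = $code
        FaultingModule   = $module
        ApplicationPath  = $path
        MemoryCorruption = ($code -in $memoryCorruptionCodes)
    }
}

if (-not $crashes) {
    Write-Output "No DAQFactory crash events (Event 1000) in the last $lookbackDays days."
}
else {
    $crashes | Sort-Object Time -Descending | Format-Table -AutoSize
    # A crash with one of these codes right after a .ctl file was opened is the
    # signal to correlate with file-access and process-creation telemetry.
    $suspicious = @($crashes | Where-Object MemoryCorruption).Count
    Write-Output "$suspicious of $(@($crashes).Count) crashes carry an access-violation or heap-corruption code."
}
```

A single crash is not proof of exploitation; what matters is the pairing of a memory-corruption code with a recently received .ctl file, or a run of crashes in a short window that suggests an attacker retrying an unreliable heap groom. Add Event 1001 to the filter if you also want the WER bucket for the same crash.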
