Critical Vulnerabilities in AzeoTech DAQFactory: Patch Now to Prevent Exploitation

---
title: "Critical Vulnerabilities in AzeoTech DAQFactory: Patch Now to Prevent Exploitation"
short_title: "Critical flaws in AzeoTech DAQFactory demand urgent patching"
description: "AzeoTech DAQFactory versions up to 20.7 face 7 critical vulnerabilities, enabling arbitrary code execution and data leaks. Learn how to mitigate risks now."
author: "Vitus"
date: 2024-10-24
categories: [Cybersecurity, Vulnerabilities]
tags: [daqfactory, cve-2025, buffer-overflow, cybersecurity, critical-vulnerabilities]
score: 0.85
cve_ids: [CVE-2025-66590, CVE-2025-66589, CVE-2025-66588, CVE-2025-66587, CVE-2025-66586, CVE-2025-66585, CVE-2025-66584]
---

## TL;DR

AzeoTech DAQFactory, a widely used data acquisition and control software, is plagued by seven critical vulnerabilities in versions up to 20.7 (Build 2555). These flaws, including buffer overflows, type confusion, and use-after-free issues, enable attackers to execute arbitrary code or leak sensitive data by tricking users into opening malicious `.ctl` files. AzeoTech has released DAQFactory 21.1 to address these risks, urging users to update immediately and adopt secure file-handling practices.

---

## Main Content

### Introduction

AzeoTech DAQFactory, a powerful software platform for industrial data acquisition and control, has been found vulnerable to seven high-severity security flaws. These vulnerabilities, discovered by security researchers Michael Heinzl and ZDI, affect all versions up to 20.7 (Build 2555). Exploitation requires low attack complexity and could lead to arbitrary code execution, information disclosure, or system crashes. Organizations using DAQFactory must act swiftly to mitigate risks and prevent potential cyberattacks.

---

### Key Points

- Seven critical vulnerabilities identified in AzeoTech DAQFactory, including out-of-bounds write/read, heap/stack-based buffer overflows, type confusion, use-after-free, and uninitialized pointer access.
- CVSS v4 scores range from 7.3 to 8.4, which places all seven in the High severity band (7.0 to 8.9).
- Exploitation requires attackers to trick users into opening a malicious `.ctl` file, leading to arbitrary code execution or data leaks.
- AzeoTech has released DAQFactory 21.1 to patch these vulnerabilities. Users are advised to update immediately and follow secure file-handling practices.
- No known public exploitation has been reported yet, but the need for user interaction does not diminish the urgency of patching.

---

### Technical Details

#### Affected Products
- AzeoTech DAQFactory: All versions up to and including 20.7 (Build 2555).

#### Vulnerability Breakdown
The vulnerabilities stem from improper memory handling during the parsing of `.ctl` files. Below is a detailed breakdown:

| CVE ID | Vulnerability Type | CVSS v3.1 Score | CVSS v4 Score | Impact |
|-----------------------|--------------------------------------------|---------------------|-------------------|----------------------------------------------------------------------------|
| CVE-2025-66590 | Out-of-Bounds Write | 7.8 | 8.4 | Arbitrary code execution or system crash. |
| CVE-2025-66589 | Out-of-Bounds Read | 7.8 | 8.4 | Information disclosure or system crash. |
| CVE-2025-66588 | Access of Uninitialized Pointer | 7.8 | 8.4 | Arbitrary code execution. |
| CVE-2025-66587 | Heap-Based Buffer Overflow | 7.8 | 7.3 | Memory corruption and arbitrary code execution. |
| CVE-2025-66586 | Type Confusion | 7.8 | 7.3 | Memory corruption and arbitrary code execution. |
| CVE-2025-66585 | Use After Free | 7.8 | 7.3 | Memory corruption and arbitrary code execution. |
| CVE-2025-66584 | Stack-Based Buffer Overflow | 7.8 | 7.3 | Memory corruption and arbitrary code execution. |

---

### Impact Assessment

Successful exploitation of these vulnerabilities could have severe consequences for organizations relying on DAQFactory for industrial control and data acquisition:

1. Arbitrary Code Execution: Attackers could gain full control over affected systems, enabling them to disrupt operations, steal sensitive data, or deploy ransomware.
2. Information Disclosure: Sensitive data, including proprietary industrial processes or credentials, could be exposed.
3. System Crashes: Exploitation could lead to denial-of-service (DoS) conditions, halting critical industrial processes.
4. Supply Chain Risks: As DAQFactory is deployed worldwide in critical manufacturing sectors, these vulnerabilities could have far-reaching implications for global supply chains.

---

### Mitigation Steps

AzeoTech and CISA (Cybersecurity and Infrastructure Security Agency) have provided the following recommendations to mitigate risks:

#### Immediate Actions
- Upgrade to DAQFactory 21.1 immediately to patch all identified vulnerabilities.
- Avoid opening `.ctl` files from untrusted or unknown sources.
- Store `.ctl` files in admin-restricted folders to prevent unauthorized modifications.
- Enable "Safe Mode" when loading documents that have been out of your control.
- Apply document editing passwords to restrict unauthorized access.
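
One way to check the file-handling recommendations above on a Windows host, as an added example rather than AzeoTech or CISA tooling: the script lists principals other than SYSTEM and Administrators that can write to the `.ctl` folder or its files, and flags `.ctl` files whose Mark-of-the-Web zone is Internet or Restricted. The folder path `C:\ControlDocs`, the trusted-SID list and the function names are assumptions to adjust per site.

```powershell
# Added example, not AzeoTech or CISA tooling. $CtlRoot is an assumed path:
# set it to the folder where your site keeps DAQFactory .ctl documents.
param([string]$CtlRoot = 'C:\ControlDocs')

# Principals expected to hold write access (assumption; extend per site):
# SYSTEM and BUILTIN\Administrators, by SID so the check is locale-independent.
$trustedSids = 'S-1-5-18', 'S-1-5-32-544'

# Rights that allow changing or replacing a file. GENERIC_WRITE and GENERIC_ALL
# are included because inherit-only ACEs can carry raw generic rights.
$writeNames = 'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits  = [int][System.Security.AccessControl.FileSystemRights]$writeNames -bor
              0x40000000 -bor 0x10000000

function Get-UntrustedWriter {
    # Returns the SIDs of non-trusted principals with an Allow ACE granting write.
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $writeBits) -ne 0 -and
            $trustedSids -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
}

function Get-ZoneId {
    # Reads the Mark-of-the-Web stream; returns nothing when the file has none.
    param([string]$Path)
    $ads = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (($ads -join "`n") -match 'ZoneId=(\d+)') { [int]$Matches[1] }
}

$folderWriters = Get-UntrustedWriter -Path $CtlRoot
if ($folderWriters) {
    Write-Warning "Non-admin write access on ${CtlRoot}: $($folderWriters -join ', ')"
}

# Report only files that are writable by untrusted principals or came from
# the Internet (ZoneId 3) or Restricted (ZoneId 4) zone.
Get-ChildItem -LiteralPath $CtlRoot -Filter *.ctl -File -Recurse | ForEach-Object {
    [pscustomobject]@{
        File            = $_.FullName
        UntrustedWriter = (Get-UntrustedWriter -Path $_.FullName) -join ', '
        ZoneId          = Get-ZoneId -Path $_.FullName
    }
} | Where-Object { $_.UntrustedWriter -or $_.ZoneId -ge 3 }
```

Files reported with a `ZoneId` of 3 or 4 are the ones to load in Safe Mode or not at all; files with an `UntrustedWriter` entry sit in a location that is not yet admin-restricted.
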

#### Defensive Measures
- Minimize network exposure for control system devices. Ensure they are not accessible from the internet.
- Isolate control system networks behind firewalls and segregate them from business networks.
- Use secure remote access methods, such as VPNs, and ensure they are updated to the latest version.
- Follow CISA’s recommended practices for [industrial control systems (ICS) security](https://www.cisa.gov/topics/industrial-control-systems).

#### User Awareness
- Educate employees about the risks of social engineering attacks, such as phishing emails with malicious attachments.
- Avoid clicking on suspicious links or opening unsolicited email attachments.
- Refer to CISA’s guides on [recognizing email scams](https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf) and [avoiding social engineering attacks](https://www.cisa.gov/uscert/ncas/tips/ST04-014).

---

### Affected Systems

- Critical Manufacturing Sector: DAQFactory is widely used in industrial environments, making these vulnerabilities particularly concerning for critical infrastructure.
- Global Deployment: The software is deployed worldwide, increasing the potential impact of these flaws.
- United States Headquarters: AzeoTech is based in the U.S., but its user base spans multiple countries.

---

### Conclusion

The discovery of seven critical vulnerabilities in AzeoTech DAQFactory underscores the ongoing risks faced by industrial control systems. While no active exploitation has been reported, the potential for arbitrary code execution and data leaks demands immediate action. Organizations must upgrade to DAQFactory 21.1, adopt secure file-handling practices, and implement defensive measures to protect their systems.

Failure to address these vulnerabilities could result in disrupted operations, data breaches, or even physical damage in industrial environments. Stay vigilant, patch promptly, and follow CISA’s guidelines to safeguard critical infrastructure.

---

## References

[^1]: CISA. "[ICSA-25-345-03 AzeoTech DAQFactory](https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03)". Retrieved 2024-10-24.
[^2]: MITRE. "[CWE-787: Out-of-Bounds Write](https://cwe.mitre.org/data/definitions/787.html)". Retrieved 2024-10-24.
[^3]: MITRE. "[CWE-125: Out-of-Bounds Read](https://cwe.mitre.org/data/definitions/125.html)". Retrieved 2024-10-24.
[^4]: AzeoTech. "[DAQFactory Release Notes](https://www.azeotech.com/)". Retrieved 2024-10-24.
