Multiple High-Severity Memory Vulnerabilities in AzeoTech DAQFactory
AzeoTech DAQFactory, a software and application development platform, has been found to contain several high-severity memory vulnerabilities in release 20.7 (Build 2555) and prior. Notably, these include an Out-of-bounds Read (CVE-2025-66589) and an Out-of-bounds Write (CVE-2025-66590), both of which can be exploited by attackers through the upload of a malicious .ctl file. The Out-of-bounds Read vulnerability may allow attackers to disclose sensitive information or cause a system crash, while the Out-of-bounds Write vulnerability could lead to arbitrary code execution or a system crash. Both vulnerabilities have been assigned a CVSS v4 base score of 8.4, indicating a high level of risk.
According to CISA and CVE advisories, successful exploitation of these vulnerabilities does not require remote access but does require the attacker to upload a crafted file. Additional vulnerabilities, such as Access of Uninitialized Pointer, Heap-based Buffer Overflow, Type Confusion, Use After Free, and Stack-based Buffer Overflow, have also been identified in the same product version, further increasing the risk profile for organizations using AzeoTech DAQFactory. Users are advised to review official advisories and apply mitigations as soon as possible to reduce exposure to these threats.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
CVE-2025-66589 and CVE-2025-66590 are publicly disclosed
The out-of-bounds read vulnerability CVE-2025-66589 and out-of-bounds write vulnerability CVE-2025-66590 in AzeoTech DAQFactory release 20.7 were publicly published. The disclosures described local, user-interaction-based exploitation conditions and directed users to update to the patched version.
CISA publishes advisory on multiple DAQFactory vulnerabilities
CISA published advisory ICSA-25-345-03 covering multiple critical vulnerabilities in AzeoTech DAQFactory, including out-of-bounds read and write issues, and provided mitigation guidance such as restricting file access, using safe mode, and network segmentation. The advisory stated that no public exploitation had been reported at the time of publication.
AzeoTech releases DAQFactory 21.1 to fix multiple vulnerabilities
AzeoTech released DAQFactory version 21.1 to address multiple critical memory-safety vulnerabilities affecting release 20.7 and prior. The flaws could be triggered by malicious .ctl files and may lead to arbitrary code execution or information disclosure with local access and user interaction.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
CVE-2025-66589 - Out-of-bounds Read vulnerability in AzeoTech DAQFactory
cvefeed.io
Open sourceCVE-2025-66590 - Out-of-bounds Write vulnerability in AzeoTech DAQFactory
cvefeed.io
Open sourceAzeoTech DAQFactory
cisa.gov
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Type Confusion Flaw in AzeoTech DAQFactory Enables Code Execution via .ctl Files
CISA issued an advisory for **CVE-2026-12390**, a high-severity type confusion vulnerability in **AzeoTech DAQFactory 21.1 and earlier** that can allow arbitrary code execution when a user opens a specially crafted `.ctl` file. The flaw affects software used in the **critical manufacturing sector** and deployed environments worldwide, and CISA assigned it a **CVSS v3.1 score of 7.8** and a **CVSS v4.0 score of 8.4**. The vulnerability is **not remotely exploitable** and requires **user interaction**, but successful exploitation could result in malicious file upload and code execution on affected systems. CISA and related vulnerability reporting recommend upgrading DAQFactory to a version **later than 21.1**, applying vendor patches, and avoiding untrusted `.ctl` files; **no known public exploitation** has been reported.
Jun 18, 2026
SEH Buffer Overflows in AIDA64 Enable Local Arbitrary Code Execution
Two high-severity vulnerabilities, **CVE-2019-25629** and **CVE-2019-25631**, affect **AIDA64 5.99.4900** products and can lead to local arbitrary code execution through structured exception handler (**SEH**) buffer overflows. The flaws were reported for **AIDA64 Extreme** and **AIDA64 Business**, respectively, and both are classified as **CWE-787** with a **CVSS v3.1** score vector of `AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, indicating high impact across confidentiality, integrity, and availability. In **CVE-2019-25629**, an attacker can abuse the Hardware Monitoring logging feature in AIDA64 Extreme by supplying a malicious **CSV log file path**, triggering shellcode execution when the application processes that path. In **CVE-2019-25631**, AIDA64 Business is vulnerable through the **SMTP display name** field in preferences or the report wizard, where an attacker can overwrite SEH pointers and use **egg hunter shellcode** to gain code execution. Public references for both issues include vendor pages, **Exploit-DB** listings, and **VulnCheck** advisories.
Mar 24, 2026
High-Severity Flaws Expose Anviz Devices and CrossChex to RCE and Traffic Injection
Anviz products were disclosed with two high-severity vulnerabilities affecting both endpoint devices and management software. **CVE-2026-40066** impacts Anviz **CX2 Lite** and **CX7** devices, where the update mechanism accepts unverified packages and then unpacks and executes them as scripts. The weakness, classified as `CWE-494`, can enable **unauthenticated remote code execution** with high impact on confidentiality, integrity, and availability. A second flaw, **CVE-2026-40434**, affects **Anviz CrossChex Standard** and stems from improper verification of the source of a communication channel. Classified as `CWE-940`, the issue allows an attacker on the same network to inject TCP packets and alter or disrupt client-server traffic, creating high integrity and availability risk. The disclosures were tied to CISA ICS advisory materials and related CSAF documentation, indicating coordinated reporting around security weaknesses in Anviz access-control and workforce management technology.
Apr 17, 2026