Cyber Posture

CVE-2025-66589

Critical
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: affectedAppOther: not affectedOth

Published: 11 December 2025

Published
11 December 2025
Modified
02 January 2026
KEV Added
Patch
CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0010 27.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-66589 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in Azeotech Daqfactory. Its CVSS base score is 9.1 (Critical).

Operationally, ranked at the 27.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or…

more

cause a system crash.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-125

Affected Products

azeotech
daqfactory
≤ 21.1

EU & UK References

Regulatory context (EU CRA / NIS2 / DORA / UK NIS Regulations)

EU Cyber Resilience Act — coordinated disclosure

Critical and high-severity vulnerabilities in products with digital elements may trigger coordinated-disclosure obligations under the EU Cyber Resilience Act (CRA, Regulation 2024/2847). Manufacturers placing products on the EU market must notify ENISA and the relevant CSIRTs without undue delay once active exploitation is known.

References