Primary

Context

AzeoTech DAQFactory Use After Free Vulnerability Allowing Memory Corruption and Code Execution

Vulnerability

Patched

A use after free vulnerability has been identified in AzeoTech DAQFactory release 20.7 (Build 2555) and prior. This vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files, potentially allowing an attacker to execute code in the context of the current process.

Impact

Exploitation of this vulnerability can lead to memory corruption, allowing for arbitrary code execution in the context of the current process.

Remediation

AzeoTech has released an update to address this vulnerability in DAQFactory version 21.1. Users are also advised to store .ctl files in a folder only writable by admin-level users, operate in 'Safe Mode' when loading documents that have been out of their control, and apply a document editing password to their documents.

Added: Dec 11, 2025, 9:20 PM

Updated: Dec 11, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

10.0

exploitability

7.0

remediation

7.9

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

10.0

exploitability

7.0

remediation

7.9

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AzeoTech DAQFactory Use After Free Vulnerability Allowing Memory Corruption and Code Execution

Vulnerability

Impact

Remediation

Affected Products

AzeoTech DAQFactory

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating