CVE-2025-66596 | THREATINT

Description

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

PUBLISHED Reserved 2025-12-05 | Published 2026-02-09 | Updated 2026-02-09 | Assigner YokogawaGroup

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Problem types

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Product status

Default status

unknown

R9.01 (custom)

affected

References

web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf

cve.org (CVE-2025-66596)

nvd.nist.gov (CVE-2025-66596)

Download JSON