Platform: other
Component: fast-tools
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Yokogawa FAST/TOOLS. An attacker who tricks an authenticated user into accessing a specially crafted link can cause the user's browser to submit a request the attacker chose, which the advisory summary describes as potentially compromising the user's account. The vulnerability affects FAST/TOOLS versions R9.01 through R10.04 (packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB). A fix is expected from Yokogawa.
Successful exploitation allows an attacker to perform state-changing actions on behalf of an authenticated user without that user's knowledge or consent. CSRF does not let the attacker read the responses, but it does let them modify user or account settings and initiate operations that the victim's session is authorized to perform; where a changed setting later exposes data, the attack can lead to unauthorized access as well. The impact is significant in environments where FAST/TOOLS supervises critical industrial processes, since a forged request could disrupt operations or alter control-system configuration. The blast radius covers every user who can log in to the affected FAST/TOOLS instance, because the forged request carries whatever rights the victim's session holds.
This vulnerability was publicly disclosed on 2026-02-09. No public proof-of-concept (PoC) is currently available. The reported EPSS score is 0.02% (4th percentile). It is not listed in the CISA KEV catalog.
Organizations running Yokogawa FAST/TOOLS for industrial automation and control are at risk, particularly those with legacy configurations or shared hosting environments in which operator workstations also browse external content. Users with elevated privileges within FAST/TOOLS are the most valuable targets, because a forged request executes with the full rights of the victim's session.
Exploit status: disclosure
EPSS: 0.02% (4th percentile)
CISA SSVC
Until Yokogawa releases a patch, several compensating controls can be applied by the operator. Input validation and output encoding are XSS defenses and do not address CSRF; the relevant defenses are anti-CSRF tokens and origin checks, which only the vendor can add inside FAST/TOOLS itself. What the operator can do: restrict network access to the FAST/TOOLS web interface (HMIWEB, HMIMOB) to trusted networks or jump hosts, so that a browser holding a FAST/TOOLS session is not also used to browse arbitrary sites; enforce least privilege so that a forged request from a low-privilege session cannot change critical settings; where a reverse proxy you control fronts the interface, reject state-changing requests whose Origin or Referer header does not match the FAST/TOOLS origin and add SameSite, Secure and HttpOnly attributes to the session cookie; and log requests whose Origin or Referer points at a foreign host, which is a direct indicator of a CSRF attempt. Note that the advisory describes the trigger as a crafted link, so the vulnerable action may be reachable with a GET request; SameSite=Lax does not block top-level GET navigations, so the proxy check must also cover any GET endpoint that changes state. After the patch is released, upgrade FAST/TOOLS to the fixed version and verify the fix by replaying a state-changing request from a foreign origin without a valid anti-CSRF token: it should be rejected.
Update FAST/TOOLS to a fixed version later than R10.04 once Yokogawa releases it, and consult the vendor's security advisory for detailed update instructions. Until then, apply the compensating CSRF controls described above at the network and reverse-proxy layer.
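The reverse-proxy compensating control and the post-patch verification described in the mitigation paragraphs above, as an added example that is not part of the original advisory page and not Yokogawa code: a CSRF gate that validates Origin/Referer against the site origin, checks a per-session synchronizer token, refuses the safe-method exemption for GET paths known to change state, and hardens the Set-Cookie header. The FAST/TOOLS host name, the `/hmi/...` paths, the session id and the sample requests are all constructed for illustration; the real FAST/TOOLS endpoints are not published on this page.

```python
"""Proxy-side CSRF gate exercised against constructed requests.

Added example; hostnames, paths and session data are hypothetical.
"""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical FAST/TOOLS HMIWEB origin that the proxy fronts.
SITE_ORIGIN = "https://scada.example.internal"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Hypothetical paths that change state even on GET (a "crafted link" attack);
# they must not receive the safe-method exemption.
UNSAFE_GET_PATHS = {"/hmi/user/update"}


def issue_token(session_id, secret):
    """Synchronizer token bound to the session: HMAC-SHA256(secret, session_id)."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def origin_ok(headers):
    """True only if Origin (or, when absent, the Referer's origin) equals SITE_ORIGIN.

    A request carrying neither header is rejected: browsers send Origin on
    cross-site form posts, so a missing header is not evidence of same-origin.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin.lower() == SITE_ORIGIN.lower()


def csrf_gate(method, path, headers, form, session_id, secret):
    """Decide whether to forward a request. Returns (allowed, reason)."""
    if method.upper() in SAFE_METHODS and path not in UNSAFE_GET_PATHS:
        return True, "safe method"
    if not origin_ok(headers):
        return False, "origin mismatch"
    expected = issue_token(session_id, secret)
    supplied = form.get("csrf_token", "")
    # compare_digest avoids leaking the token through timing differences.
    if not hmac.compare_digest(expected, supplied):
        return False, "token mismatch"
    return True, "ok"


def harden_set_cookie(header):
    """Append Secure, HttpOnly and SameSite=Lax to a Set-Cookie header if missing.

    Lax still permits top-level GET navigations, which is why csrf_gate also
    checks GET requests to UNSAFE_GET_PATHS.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    present = {p.split("=", 1)[0].lower() for p in parts[1:]}
    for attr in ("Secure", "HttpOnly", "SameSite=Lax"):
        if attr.split("=", 1)[0].lower() not in present:
            parts.append(attr)
    return "; ".join(parts)


def demo():
    """Run the gate over four constructed requests for one session."""
    secret = secrets.token_bytes(32)
    sid = "session-42"  # constructed session id
    token = issue_token(sid, secret)
    requests = [
        ("legit update", "POST", "/hmi/user/update",
         {"Origin": SITE_ORIGIN}, {"csrf_token": token, "email": "op@example.internal"}),
        ("cross-site form post", "POST", "/hmi/user/update",
         {"Origin": "https://attacker.example"}, {"email": "evil@attacker.example"}),
        ("crafted link (GET)", "GET", "/hmi/user/update",
         {"Referer": "https://attacker.example/lure"}, {}),
        ("read-only page", "GET", "/hmi/status", {}, {}),
    ]
    return {name: csrf_gate(m, p, h, f, sid, secret) for name, m, p, h, f in requests}


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:22s} -> {'ALLOW' if allowed else 'BLOCK'} ({reason})")
    print(harden_set_cookie("SESSIONID=abc; Path=/"))
```

The same four constructed requests double as the post-patch verification: replaying the "cross-site form post" and "crafted link" cases against the upgraded FAST/TOOLS instance, without the proxy in front, should produce a rejection from the application itself.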
CVE-2025-66595 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Yokogawa FAST/TOOLS versions R9.01 through R10.04 that allows an attacker to perform actions as an authenticated user and potentially compromise that user's account.
If you are running Yokogawa FAST/TOOLS versions R9.01 through R10.04 (packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB), you are potentially affected by this vulnerability.
Upgrade to a patched version of FAST/TOOLS when Yokogawa makes one available. Until then, restrict network access to the FAST/TOOLS web interface, apply least privilege to FAST/TOOLS accounts, and, where a reverse proxy you control fronts the interface, enforce Origin/Referer checks and SameSite cookie attributes there; input validation is not a CSRF defense.
There is currently no confirmed active exploitation of CVE-2025-66595, but it is important to apply mitigations proactively.
Please refer to the Yokogawa Electric Corporation website for the official advisory regarding CVE-2025-66595.