CVE-2025-66596

CVSS

No CVSS.

vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

References

Link	Resource
https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf

Configurations

No configuration.

History

09 Feb 2026, 05:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-09 05:16

Updated : 2026-02-09 16:08

NVD link : CVE-2025-66596

Mitre link : CVE-2025-66596

CVE.ORG link : CVE-2025-66596

JSON object : View

Products Affected

No product.

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2025-66596", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "7168b535-132a-4efe-a076-338f829b2eb9", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-09T05:16:23.950", "references": [{"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf", "source": "7168b535-132a-4efe-a076-338f829b2eb9"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "7168b535-132a-4efe-a076-338f829b2eb9", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nproperly validate request headers. When an attacker inserts an invalid host\nheader, users could be redirected to malicious sites.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"}], "lastModified": "2026-02-09T16:08:35.290", "sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9"}

CVE-2025-66596

JSON object

Attach tags to CVE-2025-66596

Attach tags to `CVE-2025-66596`