Cyber Resilience

CVE-2025-66598

High

Published: 09 February 2026

Published
09 February 2026
Modified
06 March 2026
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0003 7.4th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-66598 is a high-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Yokogawa Fast\/Tools. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 7.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2025-66598 is a vulnerability in Yokogawa Electric Corporation's FAST/TOOLS software that supports outdated SSL/TLS versions, potentially enabling attackers to decrypt communications with the web server. The issue, classified under CWE-327 (Broken or Risky Cryptographic Algorithm), affects FAST/TOOLS packages including RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB in versions R9.01 through R10.04. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to significant confidentiality impact.

The vulnerability can be exploited remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation allows attackers to decrypt sensitive communications between clients and the FAST/TOOLS web server, potentially exposing confidential data transmitted over these connections.

Mitigation details are provided in the vendor advisory YSAR-26-0001-E, available at https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf. Security practitioners should consult this document for patching instructions and recommended workarounds.

EU & UK References

Vulnerability details

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN,…

more

UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Outdated/weak TLS directly enables passive or active decryption of web traffic, facilitating Adversary-in-the-Middle attacks.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-66597Same product: Yokogawa Fast\/Tools
CVE-2025-66603Same product: Yokogawa Fast\/Tools
CVE-2025-66602Same product: Yokogawa Fast\/Tools
CVE-2025-66606Same product: Yokogawa Fast\/Tools
CVE-2025-66608Same product: Yokogawa Fast\/Tools
CVE-2024-8603Shared CWE-327
CVE-2025-1924Same vendor: Yokogawa
CVE-2026-24785Shared CWE-327
CVE-2025-62514Shared CWE-327
CVE-2024-4282Shared CWE-327

Affected Assets

yokogawa
fast\/tools
r9.01 — r10.04

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires cryptographic protection for the confidentiality and integrity of transmitted information, directly mitigating decryption risks from outdated SSL/TLS versions in FAST/TOOLS web server communications.

prevent

Implements cryptographic mechanisms to prevent unauthorized disclosure during transmission, addressing the core cryptographic weakness (CWE-327) enabling attackers to decrypt sensitive data.

prevent

Mandates timely flaw remediation, including patching FAST/TOOLS versions R9.01 to R10.04 as advised in YSAR-26-0001-E to eliminate support for vulnerable SSL/TLS protocols.

References