CVE-2025-66596 in FAST TOOLS
Summary
by MITRE • 02/09/2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites.
The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Analysis
by VulDB Data Team • 03/06/2026
CVE-2025-66596 represents a critical vulnerability in Yokogawa Electric Corporation's FAST/TOOLS suite that manifests through improper validation of HTTP request headers, specifically the host header field. This vulnerability falls under the category of HTTP Host Header Injection as defined by CWE-640, where the application fails to properly sanitize or validate the host header in incoming HTTP requests. The flaw exists in multiple packages within the FAST/TOOLS ecosystem, including RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB, across versions R9.01 through R10.04, indicating a widespread impact across the product line. The vulnerability stems from the application's lack of robust input validation that should enforce strict parsing and sanitization of HTTP headers to prevent malicious manipulation.
The technical exploitation of this vulnerability occurs when an attacker sends HTTP requests containing invalid host header values that bypass the application's validation checks. When the application processes these malformed headers without proper sanitization, the result can be unintended behavior in which users are automatically redirected to attacker-controlled websites. This type of vulnerability enables several attack vectors, including open redirect attacks, cross-site scripting attempts, and potential man-in-the-middle scenarios. The operational impact extends beyond simple redirection, as it can serve as a stepping stone for more sophisticated attacks such as credential harvesting, session hijacking, or the delivery of malware through redirects that users might inadvertently follow.
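The mechanism described above, a redirect whose target is derived from the client-supplied Host header, is illustrated below with an added example. This is hypothetical code written for this page, not FAST/TOOLS code and not a description of the vendor's fix; the hostnames, the `ALLOWED_HOSTS` allowlist and `CANONICAL_ORIGIN` are constructed assumptions. It places the vulnerable pattern beside a hardened version that validates the Host value syntactically, checks it against an allowlist, and builds the Location URL from server-side configuration rather than from the request.

```python
"""Host header validation when building redirects (added illustration).

Hypothetical example code, not FAST/TOOLS code and not a description of the
vendor's fix. It contrasts a redirect whose absolute URL is built from the
client-supplied Host header (the class of defect the advisory describes) with
one that validates Host against an allowlist and always emits a server-side
canonical origin instead of echoing the header.
"""
import re
from typing import Mapping, Optional, Tuple

# Constructed deployment configuration: names this server legitimately answers on.
ALLOWED_HOSTS = frozenset({"scada.example.internal", "hmi.example.internal"})
CANONICAL_ORIGIN = "https://scada.example.internal"

# RFC 1123 hostname: dot-separated labels of letters, digits and inner hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def vulnerable_redirect(headers: Mapping[str, str], path: str) -> str:
    """'Before' behaviour: the Host header is copied verbatim into the Location
    URL, so whoever controls that header controls where the user is sent."""
    return f"https://{headers.get('Host', '')}{path}"


def split_host_port(host_header: str) -> Tuple[str, Optional[int]]:
    """Split 'host[:port]' (bracketed IPv6 literals included); raise on malformed input."""
    value = host_header.strip()
    if value.startswith("["):
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[1:end], value[end + 1:]
    else:
        host, sep, port_text = value.partition(":")
        rest = sep + port_text
    port = None
    if rest:
        if not (rest.startswith(":") and rest[1:].isdigit()):
            raise ValueError("malformed port")
        port = int(rest[1:])
        if not 0 < port < 65536:
            raise ValueError("port out of range")
    return host, port


def is_allowed_host(host_header: str) -> bool:
    """Strict check: syntactically valid host[:port] AND hostname on the allowlist."""
    try:
        host, _port = split_host_port(host_header)
    except ValueError:
        return False
    if host_header.strip().startswith("["):
        return False  # allowlist holds hostnames only; IP-literal Hosts are not accepted
    host = host.rstrip(".").lower()  # a trailing dot is a valid FQDN spelling
    if len(host) > 253 or not _HOSTNAME_RE.match(host):
        return False
    return host in ALLOWED_HOSTS


def hardened_redirect(headers: Mapping[str, str], path: str) -> Optional[str]:
    """'After' behaviour: refuse unknown Hosts (the caller answers 400 Bad Request)
    and build the Location URL from configuration, never from the request."""
    if not is_allowed_host(headers.get("Host", "")):
        return None
    # Only same-origin paths: reject protocol-relative ("//host") and absolute URLs.
    if not path.startswith("/") or path.startswith("//"):
        return None
    return f"{CANONICAL_ORIGIN}{path}"


if __name__ == "__main__":
    print(vulnerable_redirect({"Host": "attacker.example"}, "/login"))
    print(hardened_redirect({"Host": "attacker.example"}, "/login"))
    print(hardened_redirect({"Host": "hmi.example.internal:8443"}, "/login"))
```

The hardened version deliberately drops the port and host taken from the request: if a deployment is legitimately reached on a non-default port, that belongs in `CANONICAL_ORIGIN`, so the only request-controlled input that reaches the Location header is a path that has already been constrained to the current origin.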
This vulnerability directly aligns with ATT&CK technique T1566.001 which covers Phishing via Social Engineering, as the malicious redirects can be used to craft convincing phishing campaigns that exploit user trust in legitimate applications. The attack chain typically involves an initial compromise through a crafted request that triggers the vulnerable host header processing, followed by user redirection to malicious sites that appear legitimate. Organizations running affected FAST/TOOLS versions face significant operational risks including potential data exfiltration, unauthorized access to industrial control systems, and reputational damage from successful phishing campaigns. The vulnerability's impact is particularly concerning in industrial environments where FAST/TOOLS is commonly deployed for process control and monitoring applications, as it could potentially be leveraged to compromise critical infrastructure operations.
The recommended mitigations include immediate deployment of vendor patches or updates that address the host header validation flaw, implementation of strict input validation rules for all HTTP headers, and deployment of web application firewalls with signature-based detection for known malicious host header patterns. Organizations should also implement network-level controls to monitor and block suspicious HTTP requests containing malformed host headers, conduct thorough security assessments of all affected systems, and establish incident response procedures for handling potential exploitation attempts. Additionally, network segmentation and access controls should be reviewed to limit the potential lateral movement if an attacker successfully exploits this vulnerability, as the impact could extend beyond simple redirection to more severe compromise of industrial control systems.
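The network-level monitoring recommended above can start from web server access logs. The following is an added example, not VulDB or Yokogawa tooling: it assumes the web front end records the request's Host header as the last quoted field of each log line (the Apache `%{Host}i` or nginx `$http_host` style), and that the operator has an allowlist of the hostnames the system should be reached under. The sample log lines, `EXPECTED_HOSTS` and the example domains are constructed. Requests whose Host value is missing, syntactically malformed or simply not on the allowlist are reported, and a 3xx response to such a request is escalated because that is the shape a header-derived redirect would take in the logs.

```python
"""Flagging suspicious Host headers in access logs (added example).

Constructed example, not FAST/TOOLS or VulDB tooling. It assumes the web
front end logs the request's Host header as the last quoted field of each
access-log line and that the operator knows the hostnames the system is
meant to answer on.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed allowlist of hostnames this deployment should be reached under.
EXPECTED_HOSTS = frozenset({"scada.example.internal", "hmi.example.internal"})

# Combined-style log line with the Host header appended as a quoted field.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) \S+ "(?P<host>[^"]*)"$'
)
# Host field grammar we accept: hostname or bracketed IPv6 literal, optional :port.
HOST_RE = re.compile(r'^(?P<name>\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?$')


@dataclass(frozen=True)
class Finding:
    client: str
    ts: str
    host: str
    status: int
    reason: str


def classify_host(host: str) -> Optional[str]:
    """Return a reason string if the logged Host value is suspicious, else None."""
    if host == "":
        return "missing Host header"
    m = HOST_RE.match(host)
    if m is None:
        return "malformed Host header"
    name = m.group("name").rstrip(".").lower()
    if name not in EXPECTED_HOSTS:
        return "Host not in allowlist"
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Parse log lines and emit a Finding for every suspicious Host value.

    A 3xx response to a request with a bad Host is escalated, since that is
    the pattern in which a header-derived redirect would surface.
    """
    findings: List[Finding] = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparsable line; a real pipeline would count these separately
        reason = classify_host(m.group("host"))
        if reason is None:
            continue
        status = int(m.group("status"))
        if 300 <= status < 400:
            reason += " followed by redirect"
        findings.append(Finding(m.group("client"), m.group("ts"), m.group("host"), status, reason))
    return findings


# Constructed sample lines, not real traffic; example domains only.
SAMPLE_LOG = [
    '10.0.0.5 - - [06/Mar/2026:10:00:01 +0000] "GET /hmi/index.html HTTP/1.1" 200 5120 "scada.example.internal"',
    '10.0.0.6 - - [06/Mar/2026:10:00:02 +0000] "GET /hmi/trend HTTP/1.1" 200 2048 "hmi.example.internal:8443"',
    '203.0.113.9 - - [06/Mar/2026:10:00:03 +0000] "GET /login HTTP/1.1" 302 0 "attacker.example"',
    '203.0.113.9 - - [06/Mar/2026:10:00:04 +0000] "GET /login HTTP/1.1" 400 0 "scada.example.internal@attacker.example"',
    '203.0.113.9 - - [06/Mar/2026:10:00:05 +0000] "GET / HTTP/1.0" 400 0 ""',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.client} host={f.host!r} status={f.status}: {f.reason}")
```

On the constructed sample the two legitimate requests pass, while the three remaining lines are reported for an unlisted host (escalated because the server answered with a redirect), a malformed value, and an absent header. In a deployment the same check is cheap enough to run continuously; an unlisted Host combined with a 3xx response is the event worth routing to the incident response procedure the analysis calls for.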