CVE-2025-66605
Autocomplete Attribute Exposure in Yokogawa FAST/TOOLS Web Input Fields
Publication date: 2026-02-09
Last updated on: 2026-03-05
Assigner: YokogawaGroup
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yokogawa | fast/tools | From r9.01 (inc) to r10.04 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in FAST/TOOLS software by Yokogawa Electric Corporation, specifically in versions R9.01 to R10.04 of certain packages. The issue arises because input fields on a webpage have the autocomplete attribute enabled, which can cause the input content to be saved in the user's browser.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
How can this vulnerability impact me? :
The impact of this vulnerability is that sensitive or private information entered into the affected input fields could be stored in the user's browser autocomplete history. This could potentially expose such information to unauthorized users who have access to the same browser.