
CVE-2025-66601: Yokogawa FAST/TOOLS XSS Vulnerability

CVE-2025-66601 is a cross-site scripting flaw in Yokogawa FAST/TOOLS that allows content sniffing attacks leading to malicious script execution. This article covers technical details, affected versions, and mitigation.

Published: February 13, 2026

CVE-2025-66601 Overview

A vulnerability has been identified in FAST/TOOLS, an industrial automation software suite provided by Yokogawa Electric Corporation. The product fails to properly specify MIME types for served content, creating an attack surface for content sniffing attacks. When exploited, this vulnerability allows attackers to execute malicious scripts by manipulating how browsers interpret the content type of responses.

Content sniffing (also known as MIME sniffing) occurs when a browser determines the content type of a response by examining the body itself rather than relying on the declared Content-Type header. Without a proper MIME type declaration, an attacker can craft a payload that the browser misinterprets and executes as script.

Critical Impact

Successful exploitation could allow attackers to execute malicious scripts in the context of the FAST/TOOLS web interface, potentially compromising industrial control system operations and sensitive SCADA data.

Affected Products

  • FAST/TOOLS RVSVRN Package R9.01 to R10.04
  • FAST/TOOLS UNSVRN Package R9.01 to R10.04
  • FAST/TOOLS HMIWEB Package R9.01 to R10.04
  • FAST/TOOLS FTEES Package R9.01 to R10.04
  • FAST/TOOLS HMIMOB Package R9.01 to R10.04

Discovery Timeline

  • 2026-02-09 - CVE-2025-66601 published to NVD
  • 2026-02-09 - Last updated in NVD database

Technical Details for CVE-2025-66601

Vulnerability Analysis

This vulnerability is classified under CWE-358 (Improperly Implemented Security Check for Standard). The core issue is that the FAST/TOOLS web components fail to send an explicit Content-Type header together with the X-Content-Type-Options: nosniff directive in HTTP responses.

When HTTP responses lack proper MIME type specification, web browsers may engage in content sniffing behavior to determine how to render or process the received data. This behavior can be exploited by attackers who craft specially designed payloads that appear as one content type but are actually executable scripts.

The vulnerability affects multiple FAST/TOOLS packages that provide web-based interfaces for industrial automation and SCADA operations. Given the network-accessible nature of this attack vector, exploitation does not require authentication but may need additional preparation steps to successfully execute malicious scripts.

Root Cause

The root cause of this vulnerability lies in the improper implementation of HTTP response headers within the FAST/TOOLS web interface components. The affected packages (RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB) serve web content without properly declaring MIME types or enforcing the X-Content-Type-Options security header.

This oversight allows browsers to "guess" the content type based on content analysis rather than trusting the declared type, creating an opportunity for script injection through content type confusion.

Attack Vector

The attack leverages the network-accessible web interface provided by FAST/TOOLS. An attacker can exploit this vulnerability by:

  1. Crafting malicious content that contains script code but is served without proper MIME type declaration
  2. Delivering the malicious content through the FAST/TOOLS web interface
  3. Exploiting the browser's content sniffing behavior to have the malicious payload interpreted and executed as script code

The vulnerability enables potential script execution that could lead to unauthorized access to SCADA system data, manipulation of industrial process visualizations, or theft of session credentials from legitimate users accessing the FAST/TOOLS HMI web interface.

While no user interaction is required to trigger the vulnerability at the server level, the attack complexity includes some preparatory requirements to successfully position malicious content for browser execution.

Detection Methods for CVE-2025-66601

Indicators of Compromise

  • Unusual HTTP responses from FAST/TOOLS web interfaces lacking proper Content-Type headers
  • Browser console errors indicating MIME type mismatches or content sniffing warnings
  • Unexpected script execution originating from FAST/TOOLS web components
  • Network traffic showing requests with ambiguous or missing content type declarations

Detection Strategies

  • Monitor HTTP response headers from FAST/TOOLS servers for missing or improper Content-Type headers
  • Implement network intrusion detection rules to identify responses lacking X-Content-Type-Options: nosniff directive
  • Review web application firewall logs for attempts to inject content that could trigger MIME sniffing attacks
  • Audit FAST/TOOLS server configurations for proper security header implementation
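The header audit described in the Technical Details and Detection Strategies sections can be scripted. The following is an added example for this article, not Yokogawa or SentinelOne code: it parses captured HTTP responses, flags a missing Content-Type, a missing X-Content-Type-Options: nosniff, and the combination that actually matters for CVE-2025-66601, a body whose first bytes would sniff as HTML or script while the declared type (or lack of one) says otherwise. The response samples, URL paths and the subset of sniffing patterns are constructed for illustration and are not taken from a real FAST/TOOLS installation.

```python
"""Audit captured HTTP responses for the conditions behind CVE-2025-66601.

Added example for this article (not Yokogawa or SentinelOne code). The sample
responses at the bottom are constructed to exercise the checks; they were not
captured from a real FAST/TOOLS installation.
"""
import re
from dataclasses import dataclass, field

# Byte patterns that a browser's MIME sniffing algorithm would classify as HTML
# (and therefore render, running any embedded script) when the declared type is
# missing or ambiguous. Constructed subset of the WHATWG sniffing table, enough
# for an audit heuristic, not a full implementation.
ACTIVE_CONTENT_PATTERNS = (
    re.compile(rb"^\s*<\s*(!doctype\s+html|html|head|body|script|iframe|svg)\b", re.I),
    re.compile(rb"<\s*script\b", re.I),
    re.compile(rb"<\s*\w+[^>]*\son\w+\s*=", re.I),  # inline event-handler attribute
)

# Types a browser treats as active content when declared explicitly; with a
# correct declaration there is nothing left for the browser to guess.
ACTIVE_MIME_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                     "text/javascript", "application/javascript"}


@dataclass
class Finding:
    url: str
    issues: list = field(default_factory=list)

    @property
    def risky(self) -> bool:
        return bool(self.issues)


def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return status, headers, body


def looks_like_active_content(body: bytes) -> bool:
    """True if the leading bytes of the body would sniff as HTML/script."""
    return any(p.search(body[:1024]) for p in ACTIVE_CONTENT_PATTERNS)


def audit_response(url: str, raw: bytes) -> Finding:
    """Flag a response that leaves the browser free to sniff and execute its body."""
    _, headers, body = parse_response(raw)
    finding = Finding(url=url)
    content_type = headers.get("content-type")
    essence = content_type.split(";")[0].strip().lower() if content_type else None
    nosniff = headers.get("x-content-type-options", "").strip().lower() == "nosniff"

    if essence is None:
        finding.issues.append("missing Content-Type header")
    if not nosniff:
        finding.issues.append("missing X-Content-Type-Options: nosniff")
    # The dangerous combination: active-looking bytes served under no type or a
    # passive type, so sniffing (not the declaration) decides how they are handled.
    if looks_like_active_content(body) and essence not in ACTIVE_MIME_TYPES:
        finding.issues.append(
            f"body sniffs as HTML/script but is declared as {essence or 'nothing'}")
    return finding


def audit_all(responses: dict) -> dict:
    """Run the audit over {url: raw_response}; return {url: [issues]} for risky ones."""
    results = {}
    for url, raw in responses.items():
        finding = audit_response(url, raw)
        if finding.risky:
            results[url] = finding.issues
    return results


# Constructed sample responses (not real FAST/TOOLS traffic).
SAMPLE_RESPONSES = {
    "/hmi/index.html": (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
                        b"X-Content-Type-Options: nosniff\r\n\r\n<!DOCTYPE html><html></html>"),
    "/hmi/upload/report": b"HTTP/1.1 200 OK\r\n\r\n<script>/* constructed */</script>",
    "/hmi/data/notes.txt": (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                            b"<html><body onload=\"x()\"></body></html>"),
    "/hmi/api/status": (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                        b"X-Content-Type-Options: nosniff\r\n\r\n{\"ok\": true}"),
}

if __name__ == "__main__":
    for url, issues in audit_all(SAMPLE_RESPONSES).items():
        print(url)
        for issue in issues:
            print("  -", issue)
```

Feed it the raw responses from a proxy capture or a web-server debug log and the two risky samples above are exactly the shape to look for: a response with no Content-Type at all, and a response whose declared passive type disagrees with an HTML-looking body. A response that is only missing nosniff but has a correct, explicit Content-Type is reported too, since the header is the control that stops the browser overriding that declaration.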

Monitoring Recommendations

  • Enable detailed HTTP logging on web servers hosting FAST/TOOLS components to capture response header information
  • Deploy SentinelOne Singularity XDR to monitor endpoint behavior for suspicious script execution originating from industrial control system web interfaces
  • Implement network traffic analysis to detect anomalous content patterns in FAST/TOOLS communications
  • Configure SIEM alerts for authentication anomalies following access to FAST/TOOLS web interfaces

How to Mitigate CVE-2025-66601

Immediate Actions Required

  • Review the Yokogawa Security Advisory YSAR-26-0001 for vendor-specific guidance
  • Restrict network access to FAST/TOOLS web interfaces to authorized internal networks only
  • Implement web application firewalls with content sniffing protection rules
  • Consider deploying reverse proxy configurations that enforce proper security headers

Patch Information

Yokogawa Electric Corporation has issued a security advisory (YSAR-26-0001) addressing this vulnerability. Organizations running FAST/TOOLS versions R9.01 through R10.04 should consult the Yokogawa Security Advisory YSAR-26-0001 for specific remediation instructions and available patches.

Contact Yokogawa technical support to obtain the latest security updates for your specific FAST/TOOLS installation and packages.

Workarounds

  • Configure a reverse proxy in front of FAST/TOOLS web components to inject proper security headers including X-Content-Type-Options: nosniff
  • Implement network segmentation to limit access to FAST/TOOLS web interfaces from untrusted networks
  • Enable browser security features and deploy endpoint protection that can detect and block malicious script execution
  • Use web application firewalls to filter potentially malicious content targeting MIME sniffing vulnerabilities
```nginx
# Example nginx reverse proxy configuration to add security headers
# Place in front of FAST/TOOLS web interface
location /fasttools/ {
    proxy_pass http://fasttools-internal:8080/;
    # add_header in a location block replaces, rather than extends, any
    # add_header directives inherited from the server/http context, so every
    # header needed here must be listed in this block
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Legacy header; current browsers ignore it
    add_header X-XSS-Protection "1; mode=block" always;
    # default-src 'self' also blocks inline scripts; test against the HMI before rollout
    add_header Content-Security-Policy "default-src 'self'" always;
}
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: XSS
  • Vendor/Tech: Yokogawa
  • Severity: MEDIUM
  • CVSS Score: 6.3
  • EPSS Probability: 0.04%
  • Known Exploited: No
  • CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CWE References

  • CWE-358

Technical References

  • Yokogawa Security Advisory YSAR-26-0001

Related CVEs

  • CVE-2025-1924: Yokogawa Vnet/IP Interface RCE Vulnerability
  • CVE-2025-48023: Yokogawa Vnet/IP Interface DoS Vulnerability
  • CVE-2025-48022: Yokogawa Vnet/IP Interface DoS Vulnerability
  • CVE-2025-48020: Yokogawa Vnet/IP Interface DoS Vulnerability