CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-65118

CVSS 9.3v4.0pub. 2026-01-16upd. 2026-01-22

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Aveva Process Optimization

    APP
    Aveva
    < 2025
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-61937CRITICAL10.0PL ✓ten sam produkt

RCE z uprawnieniami systemowymi w Aveva Process Optimization

CVE-2025-61943CRITICAL9.3PL ✓ten sam produkt

SQL Injection w Aveva Process Optimization umożliwiający RCE

CVE-2025-64691CRITICAL9.3PL ✓ten sam produkt

Privilege escalation przez manipulację skryptami TCL w Aveva Process Optimization

CVE-2025-64729HIGH8.6ten sam produkt

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Pro...

CVE-2025-64769HIGH7.6ten sam produkt

The Process Optimization application suite leverages connection channels/protocols that by-default are not en...