The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAveva Process Optimization
APPAveva< 2025
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
Related vulnerabilities
CVE-2025-61937CRITICAL10.0PL ✓ten sam produkt
RCE z uprawnieniami systemowymi w Aveva Process Optimization
CVE-2025-61943CRITICAL9.3PL ✓ten sam produkt
SQL Injection w Aveva Process Optimization umożliwiający RCE
CVE-2025-64691CRITICAL9.3PL ✓ten sam produkt
Privilege escalation przez manipulację skryptami TCL w Aveva Process Optimization
CVE-2025-64729HIGH8.6ten sam produkt
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Pro...
CVE-2025-64769HIGH7.6ten sam produkt
The Process Optimization application suite leverages connection channels/protocols that by-default are not en...