CRITICALβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2025-61943

CVSS 9.3v4.0pub. 2026-01-16upd. 2026-01-22

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Aveva Process Optimization

    APP
    Aveva
    < 2025
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCESQLi
CWE
References

Related vulnerabilities

CVE-2025-61937CRITICAL10.0PL βœ“ten sam produkt

RCE z uprawnieniami systemowymi w Aveva Process Optimization

CVE-2025-64691CRITICAL9.3PL βœ“ten sam produkt

Privilege escalation przez manipulacjΔ™ skryptami TCL w Aveva Process Optimization

CVE-2025-65118CRITICAL9.3PL βœ“ten sam produkt

Privilege escalation w Aveva Process Optimization (CWE-427)

CVE-2025-64729HIGH8.6ten sam produkt

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Pro...

CVE-2025-64769HIGH7.6ten sam produkt

The Process Optimization application suite leverages connection channels/protocols that by-default are not en...

CVE-2025-61943 β€” Aveva β€” Process Optimization β€” CRITICAL β€” CVSS 9.3 | CVEbaza.pl