The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAveva Process Optimization
APPAveva< 2025
π’
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCESQLi
CWE
Related vulnerabilities
CVE-2025-61937CRITICAL10.0PL βten sam produkt
RCE z uprawnieniami systemowymi w Aveva Process Optimization
CVE-2025-64691CRITICAL9.3PL βten sam produkt
Privilege escalation przez manipulacjΔ skryptami TCL w Aveva Process Optimization
CVE-2025-65118CRITICAL9.3PL βten sam produkt
Privilege escalation w Aveva Process Optimization (CWE-427)
CVE-2025-64729HIGH8.6ten sam produkt
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Pro...
CVE-2025-64769HIGH7.6ten sam produkt
The Process Optimization application suite leverages connection channels/protocols that by-default are not en...