The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAveva Process Optimization
APPAveva< 2025
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2025-61937CRITICAL10.0PL ✓ten sam produkt
RCE z uprawnieniami systemowymi w Aveva Process Optimization
CVE-2025-61943CRITICAL9.3PL ✓ten sam produkt
SQL Injection w Aveva Process Optimization umożliwiający RCE
CVE-2025-65118CRITICAL9.3PL ✓ten sam produkt
Privilege escalation w Aveva Process Optimization (CWE-427)
CVE-2025-64729HIGH8.6ten sam produkt
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Pro...
CVE-2025-64769HIGH7.6ten sam produkt
The Process Optimization application suite leverages connection channels/protocols that by-default are not en...