CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-64691

CVSS 9.3v4.0pub. 2026-01-16upd. 2026-01-22

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Aveva Process Optimization

    APP
    Aveva
    < 2025
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-61937CRITICAL10.0PL ✓ten sam produkt

RCE z uprawnieniami systemowymi w Aveva Process Optimization

CVE-2025-61943CRITICAL9.3PL ✓ten sam produkt

SQL Injection w Aveva Process Optimization umożliwiający RCE

CVE-2025-65118CRITICAL9.3PL ✓ten sam produkt

Privilege escalation w Aveva Process Optimization (CWE-427)

CVE-2025-64729HIGH8.6ten sam produkt

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Pro...

CVE-2025-64769HIGH7.6ten sam produkt

The Process Optimization application suite leverages connection channels/protocols that by-default are not en...