Process Optimization Security Vulnerabilities and Issues — Process Optimization CVE List

AvevaProcess Optimization

7 matches found

CVE•added 2026/01/16 12:4 a.m.•15 views

CVE-2025-61937

CVE-2025-61937 affects AVEVA Process Optimization. The flaw allows unauthenticated remote code execution via the taoimr service, potentially fully compromising the model application server. CVSS metrics in the documents show CRITICAL impact. Remediation details or fixed versions are not provided ...

10CVSS7.8AI score0.00116EPSS

CVE•added 2026/01/16 12:6 a.m.•11 views

CVE-2025-64691

CVE-2025-64691 affects AVEVA Process Optimization (Code Injection) where an authenticated OS-standard user can tamper TCL Macro scripts to escalate privileges to OS system, potentially fully compromising the Model Application Server. Public summaries describe local, authenticated, user-level acce...

9.3CVSS6.6AI score0.00015EPSS

CVE•added 2026/01/16 12:9 a.m.•10 views

CVE-2025-61943

CVE-2025-61943 affects AVEVA Process Optimization Captive Historian. An authenticated Process Optimization Standard User can tamper with queries in Captive Historian, enabling code execution with SQL Server administrative privileges and potentially full SQL Server compromise. Connected sources (N...

9.3CVSS7.6AI score0.00013EPSS

CVE•added 2026/01/16 12:16 a.m.•9 views

CVE-2025-64769

CVE-2025-64769 affects the AVEVA Process Optimization suite. The root issue is unencrypted by-default channels/protocols, enabling potential data hijacking or leakage in man-in-the-middle or passive inspection scenarios. Documents consistently describe cleartext transmission of sensitive informat...

7.6CVSS6.4AI score0.00007EPSS

CVE•added 2026/01/16 12:12 a.m.•8 views

CVE-2025-64729

The CVE-2025-64729 entry concerns AVEVA Process Optimization. Affected software: Process Optimization with user-authenticated access (OS Standard User). The documented vulnerability allows an authenticated attacker to tamper with Process Optimization project files, embed code, and escalate privil...

8.6CVSS6.5AI score0.00009EPSS

CVE•added 2026/01/16 12:14 a.m.•8 views

CVE-2025-65117

The CVE-2025-65117 entry concerns AVEVA Process Optimization: an authenticated Process Optimization Designer User can embed OLE objects into graphics, potentially escalating privileges to a victim user after interaction with the graphics. Core details indicate local access with low attack complex...

8.5CVSS6.5AI score0.00008EPSS

CVE•added 2026/01/16 12:11 a.m.•8 views

CVE-2025-65118

CVE-2025-65118 affects AVEVA Process Optimization. The issue is described as an Uncontrolled Search Path Element that could allow an authenticated OS Standard User to cause Process Optimization services to load arbitrary code, enabling privilege escalation to OS System and potentially complete co...

9.3CVSS6.8AI score0.0001EPSS