The flaws affect all versions through 2024.1 and enable attackers to execute remote code with SYSTEM-level privileges without authentication.
The most severe flaw, CVE-2025-61937, achieved a CVSS score of 10.0, the maximum severity rating, through an unauthenticated API-based remote code execution vulnerability.
Exploitation requires no user interaction, allowing attackers to gain SYSTEM privileges on the “taoimr” service and completely compromise the Model Application Server.
This vector represents an immediate, actionable threat to operational technology environments globally.
Three additional critical vulnerabilities, each with a CVSS score of 9.3. CVE-2025-64691 allows authenticated attackers with standard OS privileges to inject malicious TCL Macro scripts, escalating to SYSTEM level.
CVE-2025-61943 exploits an SQL injection vulnerability in the Captive Historian component, enabling code execution with SQL Server administrative privileges.
CVE-2025-65118 leverages DLL hijacking to achieve privilege escalation through arbitrary code loading in Process Optimization services.
Three high-severity flaws create secondary attack surfaces. CVE-2025-64729 (CVSS 8.6) enables privilege escalation via tampering with project files due to missing access control lists.
CVE-2025-65117 (CVSS 8.5) allows authenticated designer users to embed malicious OLE objects into graphics to escalate privileges.
CVE-2025-64769 (CVSS 7.6) exposes sensitive information through unencrypted channels, creating opportunities for man-in-the-middle attacks.
| CVE | Vulnerability Type | CVSS Score | Severity |
|---|---|---|---|
| CVE-2025-61937 | Remote Code Execution via API | 10.0 | Critical |
| CVE-2025-64691 | Code Injection (TCL Macro) | 9.3 | Critical |
| CVE-2025-61943 | SQL Injection | 9.3 | Critical |
| CVE-2025-65118 | DLL Hijacking | 9.3 | Critical |
| CVE-2025-64729 | Missing Authorization | 8.6 | High |
| CVE-2025-65117 | Malicious OLE Objects | 8.5 | High |
| CVE-2025-64769 | Cleartext Transmission | 7.6 | High |
AVEVA recommends upgrading to Process Optimization 2025 or later immediately. Organizations unable to apply patches immediately should implement temporary defensive measures: restrict the taoimr service to trusted sources on ports 8888/8889 via firewall rules, implement access control lists limiting write access to installation directories, and maintain strict chain-of-custody protocols for project files.
The vulnerabilities were discovered by security researcher Christopher Wu from Veracode during an AVEVA-sponsored penetration testing engagement.
CISA coordinated the advisory publication and CVE assignment, indicating a validated severity assessment.
Industrial organizations running Process Optimization should prioritize patching within 24-48 hours due to the maximum-severity unauthenticated RCE vector and ease of exploitation.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Critical AVEVA Software Vulnerabilities Enable SYSTEM-Level Remote Code Execution appeared first on Cyber Security News.
In September, Donald Trump claimed that "the United States is getting a tremendous fee" for…
ABILENE, Texas (KTAB/KRBC) - Two men in Abilene, a father and son, were arrested Friday…
According to Reuters, Meta is looking to offset spending on AI and data centers with…
Hulu has decided to scrap Buffy the Vampire Slayer: New Sunnydale, its planned continuation series…
Jostling a folded piece of paper, holding it marooned in the air, selectman Beth Blair…
Boscawen voters cruised through a speedy town meeting Friday night, one with so little controversy…
This website uses cookies.