The most severe vulnerability enables unauthenticated attackers to achieve remote code execution under system privileges, posing an immediate risk to industrial process control environments worldwide.
The primary threat stems from a critical code injection vulnerability in the application’s API layer. An unauthenticated attacker can exploit this flaw to execute arbitrary code with full system privileges on the “taoimr” service.
Potentially compromising the entire Model Application Server and connected infrastructure.
This attack requires no user interaction, is low-complexity, and can be executed remotely over the network, making it exceptionally dangerous for organizations running vulnerable versions.
Additional severe vulnerabilities include code injection via macro functionality that allows authenticated users to escalate from standard OS user to system-level privileges.
| CVE ID | Type | CVSS v4.0 | Severity | Impact |
|---|---|---|---|---|
| CVE-2025-61937 | Remote Code Execution (API) | 10.0 | Critical | Unauthenticated RCE under system privileges |
| CVE-2025-64691 | Code Injection (Macros) | 9.3 | Critical | Privilege escalation via TCL scripts |
| CVE-2025-61943 | SQL Injection | 9.3 | Critical | SQL Server admin code execution |
| CVE-2025-65118 | DLL Hijacking | 9.3 | Critical | System privilege escalation |
| CVE-2025-64729 | Missing ACLs | 8.6 | High | Project file tampering & privilege escalation |
| CVE-2025-65117 | Embedded OLE Objects | 8.5 | High | Malicious content delivery |
| CVE-2025-64769 | Cleartext Transmission | 7.6 | High | Data interception via Man-in-the-Middle |
SQL injection flaws in the Captive Historian component that grant attackers SQL Server administrative access.
A DLL hijacking vulnerability enables authenticated users to load arbitrary code and elevate their privileges to system-level.
These attack vectors collectively demonstrate sophisticated exploitation pathways that could completely compromise affected systems.
AVEVA recommends immediate action: organizations should upgrade to AVEVA Process Optimization 2025 or higher to patch all identified vulnerabilities.
As an interim defensive measure, administrators should implement network firewall rules restricting the taoimr service (default ports 8888/8889) to trusted sources only.
Apply strict access control lists to installation and data folders, and maintain rigorous change management for project files.
The vulnerabilities were discovered during a planned penetration test by Veracode security researcher Christopher Wu and coordinated with CISA.
Organizations operating AVEVA Process Optimization environments should prioritize patching immediately to prevent exploitation of these critical flaws in their industrial control systems infrastructure.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges appeared first on Cyber Security News.
More detailed budget documents and records of financial oversight meetings will now be provided to…
For the third time in 25 years, the town of Pembroke is considering a proposal…
A relatively small number of Kearsarge Regional Middle School students have in recent months incorporated…
The second season of Netflix's One Piece series is here and it's fantastic. IGN called…
OREGON, Ill. (WTVO) – The number of houses for sale in the Northern Illinois region…
2019’s Ready or Not was a breath of fresh air: a simple, savage game of…
This website uses cookies.