The most severe vulnerability enables unauthenticated attackers to achieve remote code execution under system privileges, posing an immediate risk to industrial process control environments worldwide.
The primary threat stems from a critical code injection vulnerability in the application’s API layer. An unauthenticated attacker can exploit this flaw to execute arbitrary code with full system privileges on the “taoimr” service.
Potentially compromising the entire Model Application Server and connected infrastructure.
This attack requires no user interaction, is low-complexity, and can be executed remotely over the network, making it exceptionally dangerous for organizations running vulnerable versions.
Additional severe vulnerabilities include code injection via macro functionality that allows authenticated users to escalate from standard OS user to system-level privileges.
| CVE ID | Type | CVSS v4.0 | Severity | Impact |
|---|---|---|---|---|
| CVE-2025-61937 | Remote Code Execution (API) | 10.0 | Critical | Unauthenticated RCE under system privileges |
| CVE-2025-64691 | Code Injection (Macros) | 9.3 | Critical | Privilege escalation via TCL scripts |
| CVE-2025-61943 | SQL Injection | 9.3 | Critical | SQL Server admin code execution |
| CVE-2025-65118 | DLL Hijacking | 9.3 | Critical | System privilege escalation |
| CVE-2025-64729 | Missing ACLs | 8.6 | High | Project file tampering & privilege escalation |
| CVE-2025-65117 | Embedded OLE Objects | 8.5 | High | Malicious content delivery |
| CVE-2025-64769 | Cleartext Transmission | 7.6 | High | Data interception via Man-in-the-Middle |
SQL injection flaws in the Captive Historian component that grant attackers SQL Server administrative access.
A DLL hijacking vulnerability enables authenticated users to load arbitrary code and elevate their privileges to system-level.
These attack vectors collectively demonstrate sophisticated exploitation pathways that could completely compromise affected systems.
AVEVA recommends immediate action: organizations should upgrade to AVEVA Process Optimization 2025 or higher to patch all identified vulnerabilities.
As an interim defensive measure, administrators should implement network firewall rules restricting the taoimr service (default ports 8888/8889) to trusted sources only.
Apply strict access control lists to installation and data folders, and maintain rigorous change management for project files.
The vulnerabilities were discovered during a planned penetration test by Veracode security researcher Christopher Wu and coordinated with CISA.
Organizations operating AVEVA Process Optimization environments should prioritize patching immediately to prevent exploitation of these critical flaws in their industrial control systems infrastructure.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges appeared first on Cyber Security News.
May 10, 2026 Imagine if the biggest, most influential businesses in this country came together…
Crimson Desert developer Pearl Abyss has released this week’s update as promised, and it adds…
It took nearly 50 years. WKRP in Cincinnati is no longer just a TV sitcom.…
The Mountain Home Area Chamber of Commerce hosted its 2026 Four-Person Scramble Golf Tournament Friday…
Growing up and spending all of his 44-years in Lead Hill and living on the…
Mountain Home Mayor Hillrey Adams says work is continuing at a rapid pace as the…
This website uses cookies.