CVE 10 CRITICAL

AVEVA Process Optimization Code Injection_CVE-2025-61937

January 15, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

The vulnerability, if exploited, could allow an unauthenticated
miscreant to achieve remote code execution under OS system privileges of
“taoimr” service, potentially resulting in complete compromise of the model application server.

AI Analysis

Remote code execution vulnerability in AVEVA Process Optimization, allowing unauthenticated attackers to compromise the model application server.

Basic Information

ID CVE-2025-61937

Source icscert

Published Jan 16, 2026 at 00:04

Affected Product

Vendor AVEVA

Product Process Optimization

Affected Versions AVEVA Process Optimization 0

CWE Classification

CWE-94

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor AVEVA

Product Process Optimization

References

{
    "lastseen": "",
    "description": "The vulnerability, if exploited, could allow an unauthenticated \nmiscreant to achieve remote code execution under OS system privileges of\n \u201ctaoimr\u201d service, potentially resulting in complete compromise of the\u00a0 model application server.",
    "published": "2026-01-16T00:04:37.128Z",
    "modified": "2026-01-16T00:04:37.128Z",
    "type": "cve",
    "title": "AVEVA Process Optimization Code Injection",
    "source": "icscert",
    "references": "https://www.aveva.com/en/support-and-success/cyber-security-updates/\nhttps://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json",
    "id": "CVE-2025-61937",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "AVEVA Process Optimization 0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Process Optimization",
    "version": "0",
    "vendor": "AVEVA",
    "ai_description": "Remote code execution vulnerability in AVEVA Process Optimization, allowing unauthenticated attackers to compromise the model application server.",
    "ai_severity": "Critical",
    "ai_vendor": "AVEVA",
    "ai_product": "Process Optimization",
    "ai_version": "0",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply