CVE 8.8 HIGH

AVEVA Process Optimization Code Injection_CVE-2025-64691

January 15, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

The vulnerability, if exploited, could allow an authenticated miscreant
(OS standard user) to tamper with TCL Macro scripts and escalate
privileges to OS system, potentially resulting in complete compromise of
the model application server.

AI Analysis

Code injection vulnerability allowing privilege escalation to OS system

Basic Information

ID CVE-2025-64691

Source icscert

Published Jan 16, 2026 at 00:06

Affected Product

Vendor AVEVA

Product Process Optimization

Affected Versions AVEVA Process Optimization 0

CWE Classification

CWE-94

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor AVEVA

Product Process Optimization

References

{
    "lastseen": "",
    "description": "The vulnerability, if exploited, could allow an authenticated miscreant \n(OS standard user) to tamper with TCL Macro scripts and escalate \nprivileges to OS system, potentially resulting in complete compromise of\n the model application server.",
    "published": "2026-01-16T00:06:56.554Z",
    "modified": "2026-01-16T00:06:56.554Z",
    "type": "cve",
    "title": "AVEVA Process Optimization Code Injection",
    "source": "icscert",
    "references": "https://www.aveva.com/en/support-and-success/cyber-security-updates/\nhttps://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json",
    "id": "CVE-2025-64691",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "AVEVA Process Optimization 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Process Optimization",
    "version": "0",
    "vendor": "AVEVA",
    "ai_description": "Code injection vulnerability allowing privilege escalation to OS system",
    "ai_severity": "High",
    "ai_vendor": "AVEVA",
    "ai_product": "Process Optimization",
    "ai_version": "0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply