CVE 8.8 HIGH

AVEVA Process Optimization Uncontrolled Search Path Element_CVE-2025-65118

January 15, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

The vulnerability, if exploited, could allow an authenticated miscreant
(OS Standard User) to trick Process Optimization services into loading
arbitrary code and escalate privileges to OS System, potentially
resulting in complete compromise of the Model Application Server.

AI Analysis

Uncontrolled Search Path Element vulnerability in AVEVA Process Optimization allowing arbitrary code execution and privilege escalation

Basic Information

ID CVE-2025-65118

Source icscert

Published Jan 16, 2026 at 00:11

Affected Product

Vendor AVEVA

Product Process Optimization

Affected Versions AVEVA Process Optimization 0

CWE Classification

CWE-427

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor AVEVA

Product Process Optimization

References

{
    "lastseen": "",
    "description": "The vulnerability, if exploited, could allow an authenticated miscreant \n(OS Standard User) to trick Process Optimization services into loading \narbitrary code and escalate privileges to OS System, potentially \nresulting in complete compromise of the Model Application Server.",
    "published": "2026-01-16T00:11:12.560Z",
    "modified": "2026-01-16T00:11:12.560Z",
    "type": "cve",
    "title": "AVEVA Process Optimization Uncontrolled Search Path Element",
    "source": "icscert",
    "references": "https://www.aveva.com/en/support-and-success/cyber-security-updates/\nhttps://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json",
    "id": "CVE-2025-65118",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427"
    ],
    "cvelist": null,
    "sourceData": "AVEVA Process Optimization 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Process Optimization",
    "version": "0",
    "vendor": "AVEVA",
    "ai_description": "Uncontrolled Search Path Element vulnerability in AVEVA Process Optimization allowing arbitrary code execution and privilege escalation",
    "ai_severity": "High",
    "ai_vendor": "AVEVA",
    "ai_product": "Process Optimization",
    "ai_version": "0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply