Aveva Process Optimization vulnerabilities
7 known vulnerabilities affecting aveva/process_optimization.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH6
Vulnerabilities
Page 1 of 1
CVE-2025-61937P2CRITICALCVSS 10.0fixed in 2025≤ 2024.12026-01-16
CVE-2025-61937 [CRITICAL] CWE-94 CVE-2025-61937: The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code ex
The vulnerability, if exploited, could allow an unauthenticated
miscreant to achieve remote code execution under OS system privileges of
“taoimr” service, potentially resulting in complete compromise of the model application server.
nvd
CVE-2025-65118P3HIGHCVSS 8.8fixed in 2025≤ 2024.12026-01-16
CVE-2025-65118 [HIGH] CWE-427 CVE-2025-65118: The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick
The vulnerability, if exploited, could allow an authenticated miscreant
(OS Standard User) to trick Process Optimization services into loading
arbitrary code and escalate privileges to OS System, potentially
resulting in complete compromise of the Model Application Server.
nvd
CVE-2025-64691P3HIGHCVSS 8.8fixed in 2025≤ 2024.12026-01-16
CVE-2025-64691 [HIGH] CWE-94 CVE-2025-64691: The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tampe
The vulnerability, if exploited, could allow an authenticated miscreant
(OS standard user) to tamper with TCL Macro scripts and escalate
privileges to OS system, potentially resulting in complete compromise of
the model application server.
nvd
CVE-2025-61943P3HIGHCVSS 7.8fixed in 2025≤ 2024.12026-01-16
CVE-2025-61943 [HIGH] CWE-89 CVE-2025-61943: The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Stand
The vulnerability, if exploited, could allow an authenticated miscreant
(Process Optimization Standard User) to tamper with queries in Captive
Historian and achieve code execution under SQL Server administrative
privileges, potentially resulting in complete compromise of the SQL
Server.
nvd
CVE-2025-64729P3HIGHCVSS 8.2fixed in 2025≤ 2024.12026-01-16
CVE-2025-64729 [HIGH] CWE-862 CVE-2025-64729: The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tampe
The vulnerability, if exploited, could allow an authenticated miscreant
(OS Standard User) to tamper with Process Optimization project files,
embed code, and escalate their privileges to the identity of a victim
user who subsequently interacts with the project files.
nvd
CVE-2025-65117P3HIGHCVSS 7.7fixed in 2025≤ 2024.12026-01-16
CVE-2025-65117 [HIGH] CWE-676 CVE-2025-65117: The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Desig
The vulnerability, if exploited, could allow an authenticated miscreant
(Process Optimization Designer User) to embed OLE objects into graphics,
and escalate their privileges to the identity of a victim user who
subsequently interacts with the graphical elements.
nvd
CVE-2025-64769P4HIGHCVSS 7.1fixed in 2025≤ 2024.12026-01-16
CVE-2025-64769 [HIGH] CWE-319 CVE-2025-64769: The Process Optimization application suite leverages connection channels/protocols that by-default
The Process Optimization application suite leverages connection
channels/protocols that by-default are not encrypted and could become
subject to hijacking or data leakage in certain man-in-the-middle or
passive inspection scenarios.
nvd