Description

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.

PUBLISHED Reserved 2025-11-24 | Published 2026-01-16 | Updated 2026-01-16 | Assigner icscert




HIGH: 8.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L)

HIGH: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H)

Problem types

CWE-862

Product status

Default status: unaffected

Any version: affected

Credits

Christopher Wu of Veracode reported these vulnerabilities to AVEVA. (finder)

References

www.aveva.com/en/support-and-success/cyber-security-updates/

softwaresupportsp.aveva.com/...3-0d85-4fde-ac11-5239e87a68ea

www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

github.com/...p/csaf_files/OT/white/2026/icsa-26-015-01.json

cve.org (CVE-2025-64729)

nvd.nist.gov (CVE-2025-64729)
