Description

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

PUBLISHED | Reserved 2025-11-24 | Published 2026-01-16 | Updated 2026-01-16 | Assigner icscert

HIGH: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CRITICAL: 9.3 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Problem types

CWE-427

Product status

Default status: unaffected

Any version: affected

Credits

Christopher Wu of Veracode reported these vulnerabilities to AVEVA. (finder)

References

www.aveva.com/en/support-and-success/cyber-security-updates/

softwaresupportsp.aveva.com/...3-0d85-4fde-ac11-5239e87a68ea

www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

github.com/...p/csaf_files/OT/white/2026/icsa-26-015-01.json

cve.org (CVE-2025-65118)

nvd.nist.gov (CVE-2025-65118)