CVE-2025-65117 (GCVE-0-2025-65117)
Vulnerability from cvelistv5 – Published: 2026-01-16 00:14 – Updated: 2026-01-16 14:53
VLAI?
Title
AVEVA Process Optimization Use of Potentially Dangerous Function
Summary
The vulnerability, if exploited, could allow an authenticated miscreant
(Process Optimization Designer User) to embed OLE objects into graphics,
and escalate their privileges to the identity of a victim user who
subsequently interacts with the graphical elements.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVEVA | Process Optimization |
Affected:
0 , ≤ 2024.1
(custom)
|
Credits
Christopher Wu of Veracode reported these vulnerabilities to AVEVA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T14:53:07.205216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T14:53:13.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Process Optimization",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2024.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christopher Wu of Veracode reported these vulnerabilities to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(Process Optimization Designer User) to embed OLE objects into graphics,\n and escalate their privileges to the identity of a victim user who \nsubsequently interacts with the graphical elements."
}
],
"value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(Process Optimization Designer User) to embed OLE objects into graphics,\n and escalate their privileges to the identity of a victim user who \nsubsequently interacts with the graphical elements."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-676",
"description": "CWE-676",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T00:14:27.567Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
},
{
"url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends users take the following action:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\"\u003eAVEVA Process Optimization v2025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\nFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends users take the following action:\n\n\n\n * Update to AVEVA Process Optimization v2025 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea \n\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"source": {
"advisory": "ICSA-26-015-01",
"discovery": "EXTERNAL"
},
"title": "AVEVA Process Optimization Use of Potentially Dangerous Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA alternatively recommends the following actions users can take to mitigate risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\u003c/li\u003e\n\u003cli\u003eApply ACLs to the installation and data folders, limiting write-access to trusted users only.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "AVEVA alternatively recommends the following actions users can take to mitigate risk:\n\n\n\n * Apply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\n\n * Apply ACLs to the installation and data folders, limiting write-access to trusted users only.\n\n * Maintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-65117",
"datePublished": "2026-01-16T00:14:27.567Z",
"dateReserved": "2025-11-24T18:22:00.806Z",
"dateUpdated": "2026-01-16T14:53:13.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-65117\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2026-01-16T02:16:45.833\",\"lastModified\":\"2026-01-16T15:55:12.257\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vulnerability, if exploited, could allow an authenticated miscreant \\n(Process Optimization Designer User) to embed OLE objects into graphics,\\n and escalate their privileges to the identity of a victim user who \\nsubsequently interacts with the graphical elements.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-676\"}]}],\"references\":[{\"url\":\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-65117\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-16T14:53:07.205216Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-16T14:53:10.328Z\"}}], \"cna\": {\"title\": \"AVEVA Process Optimization Use of Potentially Dangerous Function\", \"source\": {\"advisory\": \"ICSA-26-015-01\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Christopher Wu of Veracode reported these vulnerabilities to AVEVA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.5, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AVEVA\", \"product\": \"Process Optimization\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2024.1\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"AVEVA recommends users take the following action:\\n\\n\\n\\n * Update to AVEVA Process Optimization v2025 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea \\n\\n\\n\\n\\n\\nFor more information, please \\nAVEVA\u0027s security bulletin AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ .\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAVEVA recommends users take the following action:\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003eUpdate to \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\\\"\u003eAVEVA Process Optimization v2025\u003c/a\u003e\u003c/li\u003e\\n\u003c/ul\u003e\\n\\nFor more information, please \\nAVEVA\u0027s security bulletin \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\\\"\u003eAVEVA-2026-001\u003c/a\u003e.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"}, {\"url\": \"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01\"}, {\"url\": \"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"AVEVA alternatively recommends the following actions users can take to mitigate risk:\\n\\n\\n\\n * Apply host and/or network firewall rules restricting the taoimr \\nservice to accept traffic only from trusted source(s). By default, AVEVA\\n Process Optimization listens on port 8888/8889(TLS). Please refer to \\nthe AVEVA Process Optimization Installation Guide for additional details\\n on ports configuration.\\n\\n * Apply ACLs to the installation and data folders, limiting write-access to trusted users only.\\n\\n * Maintain a trusted chain-of-custody on Process Optimization project \\nfiles during creation, modification, distribution, backups, and use.\\n\\n\\n\\n\\nFor more information, please \\nAVEVA\u0027s security bulletin AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ .\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAVEVA alternatively recommends the following actions users can take to mitigate risk:\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003eApply host and/or network firewall rules restricting the taoimr \\nservice to accept traffic only from trusted source(s). By default, AVEVA\\n Process Optimization listens on port 8888/8889(TLS). Please refer to \\nthe AVEVA Process Optimization Installation Guide for additional details\\n on ports configuration.\u003c/li\u003e\\n\u003cli\u003eApply ACLs to the installation and data folders, limiting write-access to trusted users only.\u003c/li\u003e\\n\u003cli\u003eMaintain a trusted chain-of-custody on Process Optimization project \\nfiles during creation, modification, distribution, backups, and use.\u003c/li\u003e\\n\u003c/ul\u003e\\n\u003cp\u003eFor more information, please \\nAVEVA\u0027s security bulletin \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\\\"\u003eAVEVA-2026-001\u003c/a\u003e.\u003c/p\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The vulnerability, if exploited, could allow an authenticated miscreant \\n(Process Optimization Designer User) to embed OLE objects into graphics,\\n and escalate their privileges to the identity of a victim user who \\nsubsequently interacts with the graphical elements.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The vulnerability, if exploited, could allow an authenticated miscreant \\n(Process Optimization Designer User) to embed OLE objects into graphics,\\n and escalate their privileges to the identity of a victim user who \\nsubsequently interacts with the graphical elements.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-676\", \"description\": \"CWE-676\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2026-01-16T00:14:27.567Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-65117\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-16T14:53:13.050Z\", \"dateReserved\": \"2025-11-24T18:22:00.806Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2026-01-16T00:14:27.567Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…