PatchSiren cyber security CVE debrief
CVE-2025-61943 AVEVA CVE debrief
CVE-2025-61943 is a high-severity AVEVA Process Optimization vulnerability disclosed by CISA on 2026-01-15. According to the advisory, an authenticated Process Optimization Standard User may tamper with Captive Historian queries and achieve code execution under SQL Server administrative privileges, which could lead to full SQL Server compromise.
- Vendor
- AVEVA
- Product
- Process Optimization
- CVSS
- HIGH 8.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-15
- Original CVE updated
- 2026-01-15
- Advisory published
- 2026-01-15
- Advisory updated
- 2026-01-15
Who should care
Organizations running AVEVA Process Optimization, especially teams that administer the associated SQL Server instance, Captive Historian, or OT/ICS environments where the product is deployed. Security teams should also care if the product is exposed across trusted internal segments rather than tightly segmented.
Technical summary
The supplied advisory describes a locally reachable, authenticated attack path with low privileges required. The CVSS vector provided is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, corresponding to a high-severity impact on confidentiality and integrity with scope change. The vendor guidance indicates the issue can be mitigated by upgrading to AVEVA Process Optimization v2025 and by restricting taoimr service access to trusted sources, limiting write access to installation and data folders, and maintaining trusted chain-of-custody for project files.
Defensive priority
High. The combination of authenticated access, SQL Server administrative execution, and potential full database compromise makes this a priority for environments running the affected product, even though it is not marked as KEV in the supplied data.
Recommended defensive actions
- Upgrade to AVEVA Process Optimization v2025 using the vendor-provided update path.
- Restrict the taoimr service with host and/or network firewall rules so it accepts traffic only from trusted source systems.
- Verify the service is not broadly reachable; by default the product listens on ports 8888/8889 (TLS) according to the advisory.
- Apply ACLs to installation and data folders so only trusted users can write to them.
- Maintain a trusted chain-of-custody for Process Optimization project files during creation, modification, distribution, backups, and use.
- Review the AVEVA security bulletin AVEVA-2026-001 for any additional vendor guidance.
Evidence notes
All findings are based on the supplied CISA CSAF advisory content for ICSA-26-015-01 / CVE-2025-61943 and the vendor remediation text included in that advisory. The advisory states the affected product is AVEVA Process Optimization and that an authenticated Process Optimization Standard User may tamper with Captive Historian queries and reach code execution under SQL Server administrative privileges. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, with a score of 8.4 (High). No exploit details or unsupported claims were used.
Official resources
-
CVE-2025-61943 CVE record
CVE.org
-
CVE-2025-61943 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published/republished the advisory on 2026-01-15 (ICSA-26-015-01) with the same date used for the CVE record in the supplied timeline. No KEV listing was provided in the corpus.