PatchSiren cyber security CVE debrief
CVE-2025-64691 AVEVA CVE debrief
CVE-2025-64691 is a high-severity vulnerability in AVEVA Process Optimization. According to CISA’s CSAF advisory, an authenticated miscreant with OS Standard User access could tamper with TCL Macro scripts and escalate privileges to OS System, with potential for complete compromise of the Model Application Server. The advisory was published on 2026-01-15 and includes vendor guidance to update to AVEVA Process Optimization v2025 or apply compensating controls such as restricting taoimr service access, limiting write permissions on installation and data folders, and maintaining trusted chain-of-custody for project files.
- Vendor: AVEVA
- Product: Process Optimization
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-15
- Original CVE updated: 2026-01-15
- Advisory published: 2026-01-15
- Advisory updated: 2026-01-15
Who should care
AVEVA Process Optimization administrators, OT/ICS security teams, system owners managing Model Application Server deployments, and defenders responsible for host, service, and file-access controls on affected systems.
Technical summary
CISA’s advisory describes a local privilege-escalation path in AVEVA Process Optimization. The issue is reachable by an authenticated user with OS Standard User privileges and can be used to tamper with TCL Macro scripts, escalating to OS System. The supplied CVSS v3.1 vector is AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, reflecting local attack conditions, low privileges required, no user interaction, and high impacts across confidentiality, integrity, and availability with scope change.
Defensive priority
High. The attack vector is local rather than network, but the issue is operationally serious because a low-privilege authenticated user on the host can move to full system-level compromise of the Model Application Server.
Recommended defensive actions
- Update to AVEVA Process Optimization v2025 using the vendor-provided fix.
- Apply host and/or network firewall rules so the taoimr service accepts traffic only from trusted sources.
- Restrict access to the default listening ports 8888/8889 (TLS) according to the AVEVA Process Optimization Installation Guide.
- Apply ACLs to installation and data folders so only trusted users can write to them.
- Maintain a trusted chain-of-custody for Process Optimization project files during creation, modification, distribution, backups, and use.
- Review AVEVA’s security bulletin AVEVA-2026-001 for additional vendor guidance.
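One way to check the folder-ACL recommendation above is to list every allow entry that gives a broad Windows group write-level access under the installation and data folders. This is an added example, not code from CISA or AVEVA; the folder paths are placeholders and the function name `Get-BroadWriteAce` is hypothetical.

```powershell
# Added example: audit write access on Process Optimization folders.
# ASSUMPTION: the paths below are placeholders; substitute the installation
# and data folders used on your Model Application Server.
$Folders = @(
    'C:\<ProcessOptimization-install-folder>',
    'C:\<ProcessOptimization-data-folder>'
)

# Broad groups that normally include OS Standard Users, by well-known SID.
$BroadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Rights that allow changing or replacing a file such as a macro script.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) show up as raw
# numbers on inherit-only folder entries, so test for them separately.
$GenericWrite = 0x50000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($root in $Path) {
        # The folder itself plus everything beneath it.
        $items = @(Get-Item -LiteralPath $root -ErrorAction Stop) +
                 @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            $acl   = Get-Acl -LiteralPath $item.FullName
            # Explicit and inherited entries, with identities returned as SIDs.
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($ace in $rules) {
                $bits = [int]$ace.FileSystemRights
                if ($ace.AccessControlType -eq 'Allow' -and
                    $BroadSids -contains $ace.IdentityReference.Value -and
                    (($bits -band $WriteMask) -or ($bits -band $GenericWrite))) {
                    [pscustomobject]@{
                        Path      = $item.FullName
                        Sid       = $ace.IdentityReference.Value
                        Rights    = $ace.FileSystemRights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
    }
}

Get-BroadWriteAce -Path $Folders | Format-Table -AutoSize
```

Any row in the output is a location a standard user can modify. The check covers only the well-known broad groups listed, so site-specific groups that contain standard users need to be added to `$BroadSids`.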
Evidence notes
All substantive claims above come from the supplied CISA CSAF source item for ICSA-26-015-01 and its embedded remediation guidance. The source describes the privilege-escalation condition, the affected product name, the OS Standard User prerequisite, the Model Application Server impact, and the mitigation steps. The CVSS vector is taken from the supplied source metadata. No exploit code or offensive reproduction steps are included.
Official resources
- CVE-2025-64691 CVE record (CVE.org)
- CVE-2025-64691 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA on 2026-01-15 (ICSA-26-015-01 / AVEVA-2026-001 republication in the provided source corpus).