PatchSiren cyber security CVE debrief
CVE-2025-65117 AVEVA CVE debrief
CVE-2025-65117 is a HIGH-severity vulnerability in AVEVA Process Optimization. According to the CISA advisory, an authenticated Process Optimization Designer User can embed OLE objects into graphics and, if a victim user later interacts with those graphical elements, escalate privileges to the victim’s identity. The advisory lists a CVSS v3.1 score of 7.4 (AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N) and recommends updating to AVEVA Process Optimization v2025 or applying compensating controls such as restricting taoimr service traffic, limiting write access to installation/data folders, and maintaining trusted chain-of-custody for project files.
- Vendor
- AVEVA
- Product
- Process Optimization
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-15
- Original CVE updated
- 2026-01-15
- Advisory published
- 2026-01-15
- Advisory updated
- 2026-01-15
Who should care
AVEVA Process Optimization administrators, OT/ICS security teams, Windows and network administrators supporting the platform, and organizations where designers or operators share graphics or project files that could be opened by other users.
Technical summary
The advisory describes an authenticated abuse path in AVEVA Process Optimization where a designer user can place OLE objects into graphics. If a victim user subsequently interacts with the graphics, the attacker can obtain the victim’s privileges. CISA records the issue as CVSS v3.1 7.4 with vector AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N, indicating high privileges are required, user interaction is needed, and the impact is primarily on confidentiality and integrity.
Defensive priority
High. The issue requires authenticated access and user interaction, but the potential result is privilege escalation to another user identity in an OT product, making timely patching and access-control hardening important.
Recommended defensive actions
- Update AVEVA Process Optimization to v2025 using the vendor-provided update path referenced in the advisory.
- Restrict taoimr service traffic with host and/or network firewall rules so it only accepts connections from trusted sources; AVEVA notes the service listens on ports 8888/8889 (TLS) by default.
- Apply ACLs to installation and data folders so write access is limited to trusted users only.
- Maintain a trusted chain-of-custody for Process Optimization project files during creation, modification, distribution, backups, and use.
- Review and follow AVEVA’s security bulletin AVEVA-2026-001 and the CISA advisory for deployment-specific guidance.
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory item and its official references. The vulnerability description, CVSS vector/score, affected product, and remediation steps are taken from the source item metadata. Timing uses the CVE/advisory published date supplied in the corpus: 2026-01-15T07:00:00Z.
Official resources
-
CVE-2025-65117 CVE record
CVE.org
-
CVE-2025-65117 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory for CVE-2025-65117 on 2026-01-15 as ICSA-26-015-01. The source metadata indicates this was an initial republication of AVEVA-2026-001.