PatchSiren cyber security CVE debrief
CVE-2025-65118 AVEVA CVE debrief
CVE-2025-65118 affects AVEVA Process Optimization and was publicly republished by CISA on 2026-01-15 as ICSA-26-015-01. The advisory says an authenticated OS Standard User could trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, with potential complete compromise of the Model Application Server. CISA rates the issue 8.8 (HIGH), reflecting serious impact even though the attack requires local authenticated access.
- Vendor: AVEVA
- Product: Process Optimization
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-15
- Original CVE updated: 2026-01-15
- Advisory published: 2026-01-15
- Advisory updated: 2026-01-15
Who should care
Organizations running AVEVA Process Optimization, especially OT/industrial environments, should treat this as important if standard users can access the host, service ports, installation folders, or project files. Administrators responsible for patching, host hardening, network segmentation, and file-system permissions should prioritize it.
Technical summary
The source advisory describes a local authenticated privilege-escalation weakness in AVEVA Process Optimization. A user with OS Standard User privileges may be able to influence Process Optimization services to load arbitrary code, then escalate to OS System. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating a local attack vector, low attack complexity, low privileges required, no user interaction, changed scope, and high confidentiality, integrity, and availability impact.
Defensive priority
High. The issue requires authenticated local access, but the impact includes OS SYSTEM compromise and possible complete compromise of the Model Application Server. Prioritize remediation on any exposed or multi-user deployment.
Recommended defensive actions
- Update AVEVA Process Optimization to v2025 using the vendor-provided update.
- Restrict the taoimr service with host and/or network firewall rules so it only accepts traffic from trusted sources; the advisory notes default ports 8888/8889 (TLS).
- Apply ACLs to installation and data folders so only trusted users can write to them.
- Maintain a trusted chain-of-custody for Process Optimization project files during creation, modification, distribution, backups, and use.
- Review AVEVA security bulletin AVEVA-2026-001 and the CISA advisory for deployment-specific guidance.
Evidence notes
Evidence is limited to the supplied CISA CSAF advisory metadata and linked official references. The advisory metadata states: CVE-2025-65118, product AVEVA Process Optimization, impact to an authenticated OS Standard User, arbitrary code loading, privilege escalation to OS System, and potential complete compromise of the Model Application Server. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. Remediations listed in the source include updating to v2025, restricting taoimr traffic to trusted sources on ports 8888/8889, applying ACLs to installation and data folders, and preserving trusted chain-of-custody for project files. The enrichment data indicates this is not a CISA KEV entry.
Official resources
- CVE-2025-65118 CVE record (CVE.org)
- CVE-2025-65118 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA on 2026-01-15 as ICSA-26-015-01, an initial republication of AVEVA-2026-001.