CVE-2025-64769

Summary

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.

Affected Software

VendorProductVersion RangeStatus
AVEVAProcess Optimization0 <= 2024.1affected

Weaknesses

  • CWE-319: CWE-319

Workarounds

AVEVA alternatively recommends the following actions users can take to mitigate risk:

  • Apply host and/or network firewall rules restricting the taoimr service to accept traffic only from trusted source(s). By default, AVEVA Process Optimization listens on port 8888/8889(TLS). Please refer to the AVEVA Process Optimization Installation Guide for additional details on ports configuration.

  • Apply ACLs to the installation and data folders, limiting write-access to trusted users only.

  • Maintain a trusted chain-of-custody on Process Optimization project files during creation, modification, distribution, backups, and use.

For more information, please AVEVA's security bulletin AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ .

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References