CVE-2025-65117

Summary

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.

Affected Software

VendorProductVersion RangeStatus
AVEVAProcess Optimization0 <= 2024.1affected

Weaknesses

  • CWE-676: CWE-676

Workarounds

AVEVA alternatively recommends the following actions users can take to mitigate risk:

  • Apply host and/or network firewall rules restricting the taoimr service to accept traffic only from trusted source(s). By default, AVEVA Process Optimization listens on port 8888/8889(TLS). Please refer to the AVEVA Process Optimization Installation Guide for additional details on ports configuration.

  • Apply ACLs to the installation and data folders, limiting write-access to trusted users only.

  • Maintain a trusted chain-of-custody on Process Optimization project files during creation, modification, distribution, backups, and use.

For more information, please AVEVA's security bulletin AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ .

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References