top of page
perceptive_background_267k.jpg

The vulnerability, if exploited, could allow an unauthenticated
miscreant to achieve remote code execution under OS system privileges of
“taoimr” service, pot…

Published:

15 January 2026 at 23:00:00

Alert date:

16 January 2026 at 17:05:16

Source:

nvd.nist.gov

Click to open the original link from this advisory

Critical Infrastructure, Enterprise Applications

CVE-2025-61937 is a critical vulnerability affecting the taoimr service in AVEVA products. The vulnerability allows unauthenticated remote attackers to achieve remote code execution with OS system privileges. Successful exploitation could result in complete compromise of the model application server. The vulnerability has been assigned a high criticality rating and is being analyzed by CISA and AVEVA for industrial control systems impact.

Technical details

Mitigation steps:

Affected products:

AVEVA taoimr service

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-61937
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page