top of page
perceptive_background_267k.jpg

The vulnerability, if exploited, could allow an authenticated miscreant
(Process Optimization Designer User) to embed OLE objects into graphics,
and escalate …

Published:

15 January 2026 at 23:00:00

Alert date:

16 January 2026 at 03:02:30

Source:

nvd.nist.gov

Click to open the original link from this advisory

Critical Infrastructure, Enterprise Applications

CVE-2025-65117 is a privilege escalation vulnerability in AVEVA's Process Optimization Designer that allows authenticated users to embed OLE objects into graphics. When a victim user interacts with these malicious graphical elements, the attacker can escalate their privileges to the victim's identity. The vulnerability requires authentication as a Process Optimization Designer User but can lead to significant privilege escalation. This affects industrial/OT systems and has been documented by CISA in advisory ICSA-26-015-01.

Technical details

Mitigation steps:

Affected products:

AVEVA Process Optimization Designer

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-65117
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page