The vulnerability, if exploited, could allow an authenticated miscreant
(Process Optimization Designer User) to embed OLE objects into graphics,
and escalate …

Published:

15 January 2026 at 23:00:00

Alert date:

16 January 2026 at 17:05:17

Source:

nvd.nist.gov

Critical Infrastructure, Enterprise Applications

CVE-2025-65117 is a privilege escalation vulnerability affecting AVEVA's Process Optimization Designer. An authenticated user with Process Optimization Designer User privileges can exploit this vulnerability by embedding malicious OLE objects into graphics. When a victim user interacts with these compromised graphical elements, the attacker can escalate their privileges to the identity of the victim user. This vulnerability requires initial authentication but allows for horizontal privilege escalation through social engineering via embedded graphics objects.

Technical details

Mitigation steps:

Affected products:

AVEVA Process Optimization Designer

Related links:

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
