top of page
perceptive_background_267k.jpg

The vulnerability, if exploited, could allow an authenticated miscreant
(OS Standard User) to trick Process Optimization services into loading
arbitrary code …

Published:

15 January 2026 at 23:00:00

Alert date:

16 January 2026 at 03:02:30

Source:

nvd.nist.gov

Click to open the original link from this advisory

Critical Infrastructure, Enterprise Applications

CVE-2025-65118 is a privilege escalation vulnerability in AVEVA Process Optimization services. An authenticated OS Standard User can exploit this vulnerability to trick the Process Optimization services into loading arbitrary code. Successful exploitation allows privilege escalation to OS System level, potentially resulting in complete compromise of the Model Application Server. The vulnerability affects AVEVA industrial control systems and poses significant risk to operational technology environments.

Technical details

Mitigation steps:

Affected products:

AVEVA Process Optimization
Model Application Server

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-65118
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page