CVE-2025-64691
Published: 16 January 2026
Summary
CVE-2025-64691 is a high-severity Code Injection (CWE-94) vulnerability in AVEVA Process Optimization. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- Timely application of vendor patches directly remediates the code injection flaw in TCL Macro scripts, preventing privilege escalation exploitation.
- Restricting change access to configuration-controlled components like TCL Macro scripts prevents authenticated standard users from tampering with them.
- Enforcing least privilege on standard user accounts limits the scope and impact of potential privilege escalation from script tampering.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Local code injection into TCL macros directly enables exploitation for privilege escalation from standard user to system level.
NVD Description
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.
Deeper analysis [AI]
CVE-2025-64691, published on 2026-01-16, is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) classified as CWE-94 (code injection). It affects the model application server in AVEVA software, enabling an authenticated OS standard user to tamper with TCL Macro scripts.
An authenticated attacker with OS standard user privileges can exploit this vulnerability locally with low complexity and no user interaction. Successful exploitation allows privilege escalation to OS system level, potentially resulting in complete compromise of the model application server.
Advisories from CISA (ICSA-26-015-01) and AVEVA provide mitigation guidance, including patches available via AVEVA's software support downloads and cybersecurity updates pages.
Details
- CWE(s)