Cyber Resilience

CVE-2025-64691

Critical

Published: 16 January 2026

Published
16 January 2026
Modified
22 January 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0029 20.8th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-64691 is a critical-severity Code Injection (CWE-94) vulnerability in Aveva Process Optimization. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-64691, published on 2026-01-16, is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) classified as CWE-94 (code injection). It affects the model application server in AVEVA software, enabling an authenticated OS standard user to tamper with TCL Macro scripts.

An authenticated attacker with OS standard user privileges can exploit this vulnerability locally with low complexity and no user interaction. Successful exploitation allows privilege escalation to OS system level, potentially resulting in complete compromise of the model application server.

Advisories from CISA (ICSA-26-015-01) and AVEVA provide mitigation guidance, including patches available via AVEVA's software support downloads and cybersecurity updates pages.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local code injection into TCL macros directly enables exploitation for privilege escalation from standard user to system level.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-61943Same product: Aveva Process Optimization
CVE-2025-61937Same product: Aveva Process Optimization
CVE-2025-65117Same product: Aveva Process Optimization
CVE-2025-65118Same product: Aveva Process Optimization
CVE-2025-64729Same product: Aveva Process Optimization
CVE-2025-64769Same product: Aveva Process Optimization
CVE-2025-25943Shared CWE-94
CVE-2025-33240Shared CWE-94
CVE-2026-26682Shared CWE-94
CVE-2024-7425Shared CWE-94

Affected Assets

aveva
process optimization
≤ 2025

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely application of vendor patches directly remediates the code injection flaw in TCL Macro scripts, preventing privilege escalation exploitation.

prevent

Restricting change access to configuration-controlled components like TCL Macro scripts prevents authenticated standard users from tampering with them.

prevent

Enforcing least privilege on standard user accounts limits the scope and impact of potential privilege escalation from script tampering.

References