Cyber Resilience

CVE-2025-65117

High

Published: 16 January 2026

Published
16 January 2026
Modified
22 January 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0020 9.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-65117 is a high-severity Use of Potentially Dangerous Function (CWE-676) vulnerability in Aveva Process Optimization. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-7 (Least Functionality).

Deeper analysis

CVE-2025-65117, published on 2026-01-16, is a privilege escalation vulnerability (CWE-676) with a CVSS v3.1 base score of 7.4 (AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N). It affects AVEVA Process Optimization Designer, where an authenticated Process Optimization Designer User can embed OLE objects into graphics, enabling potential privilege escalation upon victim interaction with those elements.

The attack requires local access, low complexity, high privileges (Process Optimization Designer User authentication), and user interaction from a victim. A miscreant can craft graphics containing embedded OLE objects; when a higher-privileged victim user subsequently interacts with the graphical elements, the attacker escalates to the victim's identity, achieving high impacts on confidentiality and integrity with a changed scope but no availability disruption.

Advisories including CISA ICSA-26-015-01, AVEVA cybersecurity updates, and related software support downloads provide mitigation guidance and patches for this vulnerability.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Direct priv esc vuln via crafted OLE-embedded graphics requiring victim interaction maps to exploitation for escalation and malicious file execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-64729Same product: Aveva Process Optimization
CVE-2025-64691Same product: Aveva Process Optimization
CVE-2025-61943Same product: Aveva Process Optimization
CVE-2025-65118Same product: Aveva Process Optimization
CVE-2025-61937Same product: Aveva Process Optimization
CVE-2025-64769Same product: Aveva Process Optimization

Affected Assets

aveva
process optimization
≤ 2025

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Restricts the Process Optimization Designer User role from embedding OLE objects in graphics, directly blocking the initial step of the privilege-escalation attack.

prevent

Disables or restricts unnecessary capabilities such as OLE embedding within the graphics editor, eliminating the attack vector before any victim interaction occurs.

SC-18 Mobile Code partial match
prevent

Controls the use and execution of mobile code (OLE objects) to prevent automatic or interactive activation that would escalate privileges to the victim user.

References