Cyber Posture

CVE-2025-65117

High

Published: 16 January 2026

Modified: 22 January 2026
KEV Added
Patch
CVSS Score: 7.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N)
EPSS Score: 0.0001 (0.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-65117 is a high-severity Use of Potentially Dangerous Function (CWE-676) vulnerability in Aveva Process Optimization. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). By exploit likelihood (EPSS) it ranks at the 0.5th percentile, below the median, and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique.

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

This is a direct privilege escalation vulnerability exploited through crafted graphics with embedded OLE objects and requiring victim interaction, so it maps to Exploitation for Privilege Escalation and to Malicious File execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.

Deeper analysis (AI)

CVE-2025-65117, published on 2026-01-16, is a privilege escalation vulnerability (CWE-676) with a CVSS v3.1 base score of 7.4 (AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N). It affects AVEVA Process Optimization Designer, where an authenticated Process Optimization Designer User can embed OLE objects into graphics, enabling potential privilege escalation upon victim interaction with those elements.

The attack requires local access and high privileges (Process Optimization Designer User authentication), has low attack complexity, and depends on user interaction from a victim. A miscreant can craft graphics containing embedded OLE objects; when a higher-privileged victim user subsequently interacts with the graphical elements, the attacker escalates to the victim's identity. The result is high impact on confidentiality and integrity with a changed scope, but no availability disruption.

Advisories including CISA ICSA-26-015-01, AVEVA cybersecurity updates, and related software support downloads provide mitigation guidance and patches for this vulnerability.

Details

CWE(s)

Affected Products

Vendor: aveva · Product: process optimization · Versions: ≤ 2025

CVEs Like This One

CVE-2025-64729 · Same product: Aveva Process Optimization
CVE-2025-61943 · Same product: Aveva Process Optimization
CVE-2025-64691 · Same product: Aveva Process Optimization
CVE-2025-65118 · Same product: Aveva Process Optimization
CVE-2025-61937 · Same product: Aveva Process Optimization
CVE-2025-64769 · Same product: Aveva Process Optimization
