Cyber Resilience

CVE-2025-65118

Critical

Published: 16 January 2026
Modified: 22 January 2026
KEV Added
Patch
CVSS Score (v4): 9.3, vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0026 (16.8th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-65118 is a critical-severity Uncontrolled Search Path Element (CWE-427) vulnerability in AVEVA Process Optimization. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Hijack Execution Flow: DLL (T1574.001). The vulnerability ranks at the 16.8th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-65118 is a CWE-427 (Uncontrolled Search Path Element) vulnerability affecting the Process Optimization services within AVEVA's Model Application Server. Published on 2026-01-16, it carries a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for privilege escalation and broad impact.

An authenticated attacker with OS Standard User privileges can exploit this vulnerability locally by tricking the Process Optimization services into loading arbitrary code. Successful exploitation enables escalation to OS System privileges, potentially resulting in complete compromise of the Model Application Server.

CISA's ICS Advisory ICSA-26-015-01 and AVEVA's software support and cyber-security updates provide guidance on mitigation and patches, available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01, https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea, and https://www.aveva.com/en/support-and-success/cyber-security-updates/.

Vulnerability details

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.001 DLL · Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.

T1068 Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CWE-427 (Uncontrolled Search Path Element) directly enables DLL Search Order Hijacking (T1038, superseded by T1574.001) for local privilege escalation to SYSTEM (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-61943 · Same product: AVEVA Process Optimization
CVE-2025-64691 · Same product: AVEVA Process Optimization
CVE-2025-64729 · Same product: AVEVA Process Optimization
CVE-2025-65117 · Same product: AVEVA Process Optimization
CVE-2025-64769 · Same product: AVEVA Process Optimization
CVE-2025-61937 · Same product: AVEVA Process Optimization
CVE-2026-7279 · Shared CWE-427
CVE-2024-9495 · Shared CWE-427
CVE-2026-24502 · Shared CWE-427
CVE-2025-69784 · Shared CWE-427

Affected Assets

Vendor: aveva
Product: process optimization
Versions: ≤ 2025

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly remediates the CWE-427 untrusted search path vulnerability by requiring timely patching of the affected Process Optimization services in AVEVA's Model Application Server.

prevent

Enforces least privilege on services to limit privilege escalation from OS Standard User to OS System even if arbitrary code is loaded via untrusted search path.

prevent · detect

Provides software integrity protection and detection of unauthorized changes, preventing or identifying loading of arbitrary code through untrusted search paths in Process Optimization services.

References