Cyber Posture

CVE-2025-65118

High

Published: 16 January 2026
Modified: 22 January 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-65118 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Aveva Process Optimization. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Search Order Hijacking (T1038). The CVE ranks at the 0.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Search Order Hijacking (T1038) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly remediates the CWE-427 untrusted search path vulnerability by requiring timely patching of the affected Process Optimization services in AVEVA's Model Application Server.

prevent

Enforces least privilege on services to limit privilege escalation from OS Standard User to OS System even if arbitrary code is loaded via untrusted search path.

prevent, detect

Provides software integrity protection and detection of unauthorized changes, preventing or identifying loading of arbitrary code through untrusted search paths in Process Optimization services.

MITRE ATT&CK Enterprise Techniques

T1038 DLL Search Order Hijacking (Persistence)
Windows systems use a common method to look for required DLLs to load into a program.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

CWE-427 Untrusted Search Path directly enables DLL Search Order Hijacking (T1038) for local privilege escalation to SYSTEM (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

Deeper analysis

CVE-2025-65118 is a CWE-427 (Untrusted Search Path) vulnerability affecting the Process Optimization services within AVEVA's Model Application Server. Published on 2026-01-16, it carries a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for privilege escalation and broad impact.

An authenticated attacker with OS Standard User privileges can exploit this vulnerability locally by tricking the Process Optimization services into loading arbitrary code. Successful exploitation enables escalation to OS System privileges, potentially resulting in complete compromise of the Model Application Server.

CISA's ICS Advisory ICSA-26-015-01 and AVEVA's software support and cyber-security updates provide guidance on mitigation and patches, available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01, https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea, and https://www.aveva.com/en/support-and-success/cyber-security-updates/.

Details

CWE(s)

Affected Products

aveva · process optimization · ≤ 2025

CVEs Like This One

CVE-2025-64691 (Same product: Aveva Process Optimization)
CVE-2025-61943 (Same product: Aveva Process Optimization)
CVE-2025-65117 (Same product: Aveva Process Optimization)
CVE-2025-64729 (Same product: Aveva Process Optimization)
CVE-2025-61937 (Same product: Aveva Process Optimization)
CVE-2025-64769 (Same product: Aveva Process Optimization)
CVE-2026-3775 (Shared CWE-427)
CVE-2024-9497 (Shared CWE-427)
CVE-2024-9499 (Shared CWE-427)
CVE-2026-7279 (Shared CWE-427)
