CVE-2025-61937
- Source
- https://cve.org/CVERecord?id=CVE-2025-61937
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61937.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-61937
- Published
- 2026-01-16T02:16:42.833Z
- Modified
- 2026-03-15T22:51:22.102294Z
- Severity
-
- 10.0 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server.
- References
-
- https://www.aveva.com/en/support-and-success/cyber-security-updates/
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
- https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea