CVE-2025-64691
- Source
- https://cve.org/CVERecord?id=CVE-2025-64691
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64691.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-64691
- Published
- 2026-01-16T02:16:45.293Z
- Modified
- 2026-03-15T21:45:09.750662Z
- Severity
-
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.
- References
-
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
- https://www.aveva.com/en/support-and-success/cyber-security-updates/
- https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea