CVE-2025-65118
- Source
- https://cve.org/CVERecord?id=CVE-2025-65118
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65118.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-65118
- Published
- 2026-01-16T02:16:46.003Z
- Modified
- 2026-03-15T22:51:24.940224Z
- Severity
-
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.
- References
-
- https://www.aveva.com/en/support-and-success/cyber-security-updates/
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
- https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea