本頁列出影響 aveva process_optimization 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-65118 | The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server. | [email protected] | 9.3 | 0.26% | 2026-01-16 | 2026-01-22 |
| CVE-2025-65117 | The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements. | [email protected] | 8.5 | 0.20% | 2026-01-16 | 2026-01-22 |
| CVE-2025-64769 | The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios. | [email protected] | 7.6 | 0.16% | 2026-01-16 | 2026-01-22 |
| CVE-2025-64729 | The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files. | [email protected] | 8.6 | 0.17% | 2026-01-16 | 2026-01-22 |
| CVE-2025-64691 | The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server. | [email protected] | 9.3 | 0.29% | 2026-01-16 | 2026-01-22 |
| CVE-2025-61943 | The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server. | [email protected] | 9.3 | 0.33% | 2026-01-16 | 2026-01-22 |
| CVE-2025-61937 | The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server. | [email protected] | 10.0 | 1.51% | 2026-01-16 | 2026-01-22 |