CVE-2025-65117

7.4 HIGH

📋 TL;DR

This vulnerability allows authenticated Process Optimization Designer users to embed OLE objects into graphics, which can escalate their privileges to the identity of any user who interacts with those graphical elements. It affects AVEVA software users with Process Optimization Designer access. The attack requires initial authentication but enables privilege escalation through user interaction.

💻 Affected Systems

Products:
  • AVEVA Process Optimization Designer
Versions: Specific versions not detailed in provided references; check vendor advisory for exact affected versions
Operating Systems: Windows (based on OLE object functionality)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Process Optimization Designer user role; exploitation depends on user interaction with embedded graphical elements.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated malicious insider could embed malicious OLE objects that, when interacted with by administrators or high-privilege users, would grant the attacker full system control and potentially compromise the entire industrial control system.

🟠 Likely Case

An authenticated user with Process Optimization Designer access could escalate their privileges to gain unauthorized access to sensitive systems or data by tricking other users into interacting with manipulated graphics.

🟢 If Mitigated

With proper access controls, network segmentation, and user awareness training, the impact is limited to isolated systems with minimal data exposure.

🌐 Internet-Facing: LOW - This vulnerability requires authenticated access and user interaction, making remote exploitation unlikely unless the system is directly exposed with valid credentials.
🏢 Internal Only: HIGH - This is primarily an internal threat where authenticated users can exploit the vulnerability to escalate privileges within the organization's network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access as Process Optimization Designer user plus social engineering or positioning to get victim interaction with manipulated graphics.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea

Restart Required: Yes

Instructions:

1. Review vendor advisory for affected versions.
2. Download and apply the official patch from AVEVA support portal.
3. Restart affected systems.
4. Verify patch installation and test functionality.

🔧 Temporary Workarounds

Restrict Process Optimization Designer Access

Limit Process Optimization Designer user roles to trusted personnel only and implement least privilege principles.

User Awareness Training

Train users to avoid interacting with unexpected or suspicious graphical elements in the software.

🧯 If You Can't Patch

  • Implement strict access controls and monitor Process Optimization Designer user activities
  • Segment network to isolate affected systems and limit lateral movement potential

🔍 How to Verify

Check if Vulnerable:

Check if you have AVEVA Process Optimization Designer installed and review user roles for Process Optimization Designer access.

Check Version:

Check AVEVA software documentation for version verification commands specific to your installation.

Verify Fix Applied:

Verify patch installation through software version check and confirm no unauthorized privilege escalation occurs in testing.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Process Optimization Designer user activity
  • Multiple privilege escalation attempts
  • Unexpected OLE object embedding in graphics

Network Indicators:

  • Unusual authentication patterns from Process Optimization Designer users
  • Lateral movement attempts following graphic interactions

SIEM Query:

source="AVEVA_Logs" AND (event_type="privilege_escalation" OR (user_role="Process_Optimization_Designer" AND action="embed_OLE"))
