CVE-2025-65118 – This vulnerability allows authenticated standar... (How to Fix)

Q: What is the severity of CVE-2025-65118?

CVE-2025-65118 has a CVSS score of 8.8 (HIGH). This vulnerability allows authenticated standard users to trick Process Optimization services into loading arbitrary code, leading to privilege escalation to system-level access. This could result in complete compromise of the Model Application Server. Organizations using affected AVEVA software versions are impacted.

📋 TL;DR

This vulnerability allows authenticated standard users to trick Process Optimization services into loading arbitrary code, leading to privilege escalation to system-level access. This could result in complete compromise of the Model Application Server. Organizations using affected AVEVA software versions are impacted.

💻 Affected Systems

Products:

AVEVA Process Optimization

Versions: Specific versions not detailed in provided references; check vendor advisory for exact affected versions

Operating Systems: Windows-based systems (implied by OS System/Standard User context)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated standard user access; affects Process Optimization services on Model Application Server

📦 What is this software?

Process Optimization by Aveva

View all CVEs affecting Process Optimization →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the Model Application Server, potentially leading to data theft, system manipulation, or lateral movement within the network.

🟠

Likely Case

Privilege escalation allowing authenticated users to execute arbitrary code with system privileges, compromising the server's integrity and confidentiality.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege access controls, and monitoring are implemented, though the vulnerability still exists.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires authenticated access and knowledge of Process Optimization services; CWE-427 indicates uncontrolled search path vulnerability

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea

Restart Required: Yes

Instructions:

1. Review vendor advisory for affected versions. 2. Download and apply the official patch from AVEVA. 3. Restart affected services/systems as required. 4. Verify patch installation.

🔧 Temporary Workarounds

Restrict User Privileges

windows

Limit standard user access to Process Optimization services and Model Application Server

Implement Application Whitelisting

windows

Use application control policies to prevent unauthorized code execution

🧯 If You Can't Patch

Implement strict network segmentation to isolate Model Application Server from untrusted networks
Enforce least privilege access controls and monitor for suspicious privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check installed AVEVA Process Optimization version against vendor advisory; review system logs for unauthorized privilege escalation attempts

Check Version:

Check AVEVA software version through control panel or vendor-specific management tools

Verify Fix Applied:

Verify patch installation through version check; test that standard users cannot escalate privileges via Process Optimization services

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation events
Process Optimization service loading unusual DLLs or executables
Standard user accounts performing system-level operations

Network Indicators:

Unusual outbound connections from Model Application Server
Suspicious authentication patterns to Process Optimization services

SIEM Query:

source="windows_security" event_id="4672" OR event_id="4688" | where user_account contains "standard" AND process_name contains "Process Optimization"

📊 Metadata

CVE ID: CVE-2025-65118

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-427

EPSS Score: 0.01% exploit probability (1.9th percentile)

Published: January 16, 2026

Last Updated: January 22, 2026

🔗 References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json Third Party Advisory
https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea Permissions Required
https://www.aveva.com/en/support-and-success/cyber-security-updates/ Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-65118, you might also want to check these: