CVE-2025-64729

AVEVA Process Optimization Missing Authorization

CVSS 8.6 HIGHEPSS 0.2%CWE-862

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.6EPSS 0.2%KEV nãoPoC —Patch —

Ciclo de vida

16 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H

Produtos afetados

AVEVA · Process Optimization

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.aveva.com/en/support-and-success/cyber-security-updates/https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01