CVE-2025-61937
CRITICAL
10.0
CVSS 3.1
Description
The vulnerability, if exploited, could allow an unauthenticated
miscreant to achieve remote code execution under OS system privileges of
“taoimr” service, potentially resulting in complete compromise of the model application server.
Metadata
Severity & Metrics
10.0
CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| AVEVA | Process Optimization | — | 0 ≤ 2024.1 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-94 | cna | CWE-94 |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 10.0 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| 10.0 | CRITICAL | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
References (4)
- https://www.aveva.com/en/support-and-success/cyber-security-updates/
- https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json