What is CVE-2025-64691?

CVE-2025-64691 is a high-severity vulnerability in Aveva Process Optimization, classified under Code Injection. CVSS score: 8.8/10. Published 2026-01-16.

How severe is CVE-2025-64691?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Aveva Process Optimization

CVE-2025-64691

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application serv…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.000 (3.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Aveva Process Optimization — versions 0

Weakness classification (CWE)

CWE-94 — Code Injection

References

www.aveva.com/en/support-and-success/cyber-security-updates/
softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde…
www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.js…

Frequently asked questions

What is CVE-2025-64691?: CVE-2025-64691 is a high-severity vulnerability in Aveva Process Optimization, classified under Code Injection. CVSS score: 8.8/10. Published 2026-01-16.
How severe is CVE-2025-64691?: High severity. CVSS v3 base score is 8.8 out of 10.