CVE-2025-61937 · CRITICAL 10.0 · EPSS p71.1%

Description

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under the OS system privileges of the “taoimr” service, potentially resulting in complete compromise of the model application server.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.51% probability of exploitation · percentile 71.1% · 2026-06-18T12:00:27Z
Published: 2026-01-16
Last modified: 2026-01-22

Underlying weaknesses · 1

CWE-94

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
  2. https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
  3. https://www.aveva.com/en/support-and-success/cyber-security-updates/
  4. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Type | Target | Confidence | Tier
Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-64691
  2. CVE-2025-65118
  3. CVE-2025-59461
  4. CVE-2025-57790
  5. CVE-2025-1393
  6. CVE-2025-29902

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.