CVE-2025-64729HIGH 8.2EPSS p6.7%

CVE-2025-64729CVE-2025-64729

Description

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS0.17% probability of exploitation · percentile 6.7% · 2026-06-18T12:00:27Z
Published2026-01-16
Last modified2026-01-22

Underlying weaknesses· 1

CWE-862

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
  2. https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
  3. https://www.aveva.com/en/support-and-success/cyber-security-updates/
  4. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

1

TypeTargetConfidenceTier
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-65118
CVE
CVE-2025-64691
CVE
CVE-2025-36890
CVE
CVE-2025-22429
CVE
CVE-2025-36899
CVE
CVE-2025-1127
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.