CVE-2025-64729
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-01-16

Assigner: ICS-CERT

Description
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-16
Last Modified
2026-01-16
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64729
EUVD
EUVD-2026-2995
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
aveva pi_integrator_for_business_analytics to 2020_r2_sp1 (exc)
aveva pi_web_api *
aveva pi_connector_for_cygnet *
aveva pi_data_archive *
aveva suitelink_server *
aveva historian_server *
aveva pi_af_client *
aveva edge *
aveva pi_server *
aveva operations_control_logger *
aveva plant_scada *
aveva telemetry_server *
aveva in_touch_access_anywhere *
aveva system_platform *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability allows an authenticated user with standard OS privileges to tamper with Process Optimization project files by embedding code. Exploiting this flaw enables the attacker to escalate their privileges to impersonate a victim user who later interacts with the compromised project files.

Impact Analysis

If exploited, this vulnerability can lead to unauthorized code execution within Process Optimization projects, privilege escalation to another user's identity, and potential compromise of system integrity and confidentiality. This could result in unauthorized actions being performed under the victim user's credentials, potentially affecting system operations and data security.

Mitigation Strategies

Apply the latest security updates and patches provided by AVEVA for the affected products to mitigate this vulnerability. Regularly check AVEVA's official cyber security updates page for advisories and updates related to this and other vulnerabilities. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64729. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart