T
he vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server.
References
| Link | Resource |
|---|---|
| https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json | Third Party Advisory |
| https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea | Permissions Required |
| https://www.aveva.com/en/support-and-success/cyber-security-updates/ | Vendor Advisory |
| https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 | Third Party Advisory US Government Resource |
Configurations
History
22 Jan 2026, 15:20
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:aveva:process_optimization:*:*:*:*:*:*:*:* | |
| References | () https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json - Third Party Advisory | |
| References | () https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea - Permissions Required | |
| References | () https://www.aveva.com/en/support-and-success/cyber-security-updates/ - Vendor Advisory | |
| References | () https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 - Third Party Advisory, US Government Resource | |
| First Time |
Aveva process Optimization
Aveva |
16 Jan 2026, 02:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-16 02:16
Updated : 2026-01-22 15:20
NVD link : CVE-2025-61937
Mitre link : CVE-2025-61937
CVE.ORG link : CVE-2025-61937
JSON object : View
Products Affected
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')