{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T00:04:36.722","vulnerabilities":[{"cve":{"id":"CVE-2025-65118","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-01-16T02:16:46.003","lastModified":"2026-01-22T15:13:00.017","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The vulnerability, if exploited, could allow an authenticated miscreant \n(OS Standard User) to trick Process Optimization services into loading \narbitrary code and escalate privileges to OS System, potentially \nresulting in complete compromise of the Model Application Server."},{"lang":"es","value":"La vulnerabilidad, si se explota, podría permitir a un malhechor autenticado (Usuario Estándar del SO) engañar a los servicios de Optimización de Procesos para que carguen código arbitrario y escalar privilegios a Sistema del SO, lo que podría resultar en un compromiso completo del servidor de aplicaciones del modelo."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aveva:process_optimization:*:*:*:*:*:*:*:*","versionEndExcluding":"2025","matchCriteriaId":"6048CC3D-EA33-484F-9223-10632815D595"}]}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory"]},{"url":"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea","source":"ics-cert@hq.dhs.gov","tags":["Permissions Required"]},{"url":"https://www.aveva.com/en/support-and-success/cyber-security-updates/","source":"ics-cert@hq.dhs.gov","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]}]}}]}