Vulnerability Description
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aveva | Process Optimization | < 2025 |
Related Weaknesses (CWE)
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-01Third Party Advisory
- https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0dPermissions Required
- https://www.aveva.com/en/support-and-success/cyber-security-updates/Vendor Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2025-61937?
CVE-2025-61937 is a vulnerability with a CVSS score of 10.0 (CRITICAL). The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromis...
How severe is CVE-2025-61937?
CVE-2025-61937 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-61937?
Check the references section above for vendor advisories and patch information. Affected products include: Aveva Process Optimization.