Process Optimization
CVE-2025-61937
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server.
AnalysisAI
A CVSS 10.0 code injection vulnerability allows unauthenticated attackers to achieve remote code execution with OS-level system privileges on the affected product.
Technical ContextAI
This CWE-94 code injection vulnerability allows unauthenticated network-based attackers to inject and execute arbitrary code that runs with operating system system-level privileges, providing complete control over the target.
RemediationAI
Apply vendor patches immediately. If no patch is available, restrict network access to the vulnerable service and implement WAF rules.
More in Process Optimization
View allThe vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scr
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimizatio
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optim
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed O
The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted an
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today