Process Optimization
CVE-2025-64691
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.
AnalysisAI
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server. [CVSS 8.8 HIGH]
Technical ContextAI
Classified as CWE-94 (Code Injection). Affects Process Optimization. The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.
RemediationAI
Monitor vendor advisories for a patch.
More in Process Optimization
View allA CVSS 10.0 code injection vulnerability allows unauthenticated attackers to achieve remote code execution with OS-level
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimizatio
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optim
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed O
The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted an
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today