CVE-2025-64729: CWE-862 in AVEVA Process Optimization
CVE-2025-64729 is a high-severity vulnerability in AVEVA Process Optimization that allows an authenticated standard user to tamper with project files, embed malicious code, and escalate privileges to impersonate another user interacting with those files. Exploitation requires user interaction and low privileges but can result in significant confidentiality and integrity breaches. The vulnerability stems from improper authorization (CWE-862), enabling privilege escalation within the application context. No known exploits are currently reported in the wild. European organizations using AVEVA Process Optimization, especially in critical infrastructure sectors, are at risk. Mitigation involves strict access controls, monitoring project file integrity, and applying vendor patches once available. Countries with significant industrial automation and process optimization deployments, such as Germany, France, and the UK, are most likely affected. The vulnerability's CVSS score of 8.1 reflects its high impact and moderate exploit complexity. Defenders should prioritize restricting user permissions and auditing project file changes to prevent exploitation.
AI Analysis
Technical Summary
CVE-2025-64729 is a vulnerability identified in AVEVA Process Optimization, a software product widely used in industrial process management and optimization. The root cause is an improper authorization flaw (CWE-862), which allows an authenticated user with standard OS-level privileges to tamper with project files. Specifically, an attacker with that low level of access can modify these files to embed malicious code. When a victim user subsequently interacts with the compromised project files, the attacker escalates their privileges to impersonate that victim, effectively gaining the victim's identity and associated permissions within the application. This privilege escalation can lead to significant confidentiality and integrity violations, as the attacker can execute unauthorized actions under the guise of a legitimate user. The vulnerability requires user interaction (the victim must open or interact with the tampered project files) and low privileges, making exploitation feasible in environments where multiple users share access to the software. The CVSS 3.1 base score of 8.1 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L) indicates a high-severity issue: local attack vector, low attack complexity and low privileges required, user interaction required, a scope change, high confidentiality and integrity impact, and low availability impact. No public exploits are known yet, and no patches are currently linked, so organizations should proactively prepare mitigations. The vulnerability was reserved in late 2025 and published in early 2026, reflecting recent discovery and disclosure.
Potential Impact
For European organizations, especially those in industrial sectors such as manufacturing, energy, and utilities that rely on AVEVA Process Optimization, this vulnerability poses a significant risk. Successful exploitation can lead to unauthorized access to sensitive process data, manipulation of optimization parameters, and potential sabotage of industrial processes. The ability to escalate privileges and impersonate other users undermines trust in user accountability and can facilitate further lateral movement within the network. Confidentiality breaches could expose proprietary process information or intellectual property, while integrity violations could cause incorrect process optimizations, potentially leading to operational disruptions or safety hazards. Although availability impact is low, the indirect consequences of corrupted process data can be severe. European critical infrastructure operators using this software are particularly vulnerable, as attackers could leverage this flaw to disrupt essential services or cause physical damage. The lack of known exploits suggests a window of opportunity for defenders to implement mitigations before active exploitation occurs.
Mitigation Recommendations
1. Implement strict access controls to limit the number of users with write permissions to Process Optimization project files.
2. Enforce the principle of least privilege at both OS and application levels to restrict standard users from modifying critical files.
3. Monitor and audit project file integrity regularly using file integrity monitoring tools to detect unauthorized changes promptly.
4. Educate users about the risks of interacting with potentially tampered project files and encourage verification of file sources.
5. Isolate the AVEVA Process Optimization environment from general user workstations to reduce exposure.
6. Apply vendor patches immediately once available; engage with AVEVA support to obtain updates or workarounds.
7. Use application whitelisting and endpoint detection and response (EDR) solutions to detect suspicious code execution within the application context.
8. Implement multi-factor authentication and session monitoring to detect anomalous user behavior that could indicate privilege escalation.
9. Establish incident response procedures specific to industrial control system environments to quickly respond to potential exploitation attempts.
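Recommendation 3 above (file integrity monitoring of project files) is the control that directly catches the precondition of this flaw: a project file changed by someone other than its owner before a victim opens it. The following is an added example written for this page, not AVEVA's tooling and not a product feature: a baseline-and-verify check that hashes every project file under a directory with SHA-256, stores the baseline, and on the next run reports files that were added, removed or modified. The directory layout, file extensions (.proj, .cfg) and contents used in demo() are constructed for illustration.

```python
"""Baseline-and-verify integrity check for a tree of project files (added example)."""
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def hash_file(path: Path) -> str:
    """SHA-256 of a file, streamed so large project files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path, suffixes=None) -> dict:
    """Map each file under root (relative POSIX path) to its SHA-256.

    suffixes, when given, restricts the scan to those extensions (the project-file
    types users actually open), so unrelated scratch files do not generate noise.
    """
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if suffixes is not None and path.suffix.lower() not in suffixes:
            continue
        baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def save_baseline(baseline: dict, store: Path) -> None:
    """Write the baseline as JSON. Keep this file where standard users cannot write;
    otherwise whoever can tamper with project files can also re-baseline their changes."""
    Path(store).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(store: Path) -> dict:
    return json.loads(Path(store).read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between a stored baseline and a fresh scan."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(name for name in baseline.keys() & current.keys()
                      if baseline[name] != current[name])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a small project tree, then simulate an
    unauthorized edit, an added file and a deleted file, and report all three."""
    project_types = {".proj", ".cfg"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plant").mkdir()
        (root / "plant" / "unit1.proj").write_text("model=unit1\nsetpoint=42\n")
        (root / "plant" / "unit1.cfg").write_text("solver=default\n")
        (root / "notes.txt").write_text("scratch file, not a project file\n")

        store = root / "baseline.json"  # in production: a location standard users cannot write
        save_baseline(build_baseline(root, project_types), store)

        # Simulated changes made by a standard user after the baseline was taken.
        with (root / "plant" / "unit1.proj").open("a") as fh:
            fh.write("extra_line=unexpected\n")
        (root / "plant" / "extra.proj").write_text("model=unit2\n")
        (root / "plant" / "unit1.cfg").unlink()

        report = compare(load_baseline(store), build_baseline(root, project_types))
    return report


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Two design points matter for this particular flaw. First, the check has to run under an account that standard users cannot impersonate, with the baseline stored outside the directory those users can write to; a baseline that lives next to the project files is only as trustworthy as the files themselves. Second, the output is a list of changed paths, which is exactly what recommendation 1 needs as evidence: any modification by an account without legitimate write permission to that file is the event to alert on, ideally before another user opens the file.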
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2025-11-24T18:22:00.798Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 696989a97c726673b69cdad4
Added to database: 1/16/2026, 12:43:21 AM
Last enriched: 1/16/2026, 12:58:29 AM
Last updated: 1/16/2026, 1:50:25 AM
Related Threats
- CVE-2025-65118: CWE-427 in AVEVA Process Optimization (High)
- CVE-2025-65117: CWE-676 in AVEVA Process Optimization (High)
- CVE-2025-64769: CWE-319 in AVEVA Process Optimization (High)
- CVE-2025-64691: CWE-94 in AVEVA Process Optimization (High)
- CVE-2025-61943: CWE-89 in AVEVA Process Optimization (High)