CVE-2025-14376

Published: Jan 20, 2026

Modified: Jan 20, 2026

PUBLISHED

Description

A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.

Vendor	Product	Versions
Rockwell Automation	Verve Asset Manager	affected `1.33 1.34 1.35 1.36 1.37 1.38 1.39 1.40 1.41 1.41.1 1.41.2 1.41.3`

Weaknesses (CWE)

CWE-922

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1767.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-14376

Description

Affected Products

Weaknesses (CWE)

References