CVE-2025-1449

Published: Mar 31, 2025

Modified: Mar 31, 2025

PUBLISHED

Description

A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service.

Vendor	Product	Versions
Rockwell Automation	Verve Asset Manager	affected `<=1.39`

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1723.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-1449

Description

Affected Products

References