What is the severity of CVE-2025-1449?

CVE-2025-1449 is classified as a medium severity vulnerability due to its potential impact on the security of the Rockwell Automation Verve Asset Manager.

How do I fix CVE-2025-1449?

To remediate CVE-2025-1449, ensure that sufficient variable sanitizing is implemented in the administrative web interface of the Verve Asset Manager.

What systems are affected by CVE-2025-1449?

CVE-2025-1449 affects the Rockwell Automation Verve Asset Manager, specifically the legacy Agentless Device Inventory capability.

Is CVE-2025-1449 being actively exploited?

As of now, there is no public information indicating that CVE-2025-1449 is being actively exploited in the wild.

What are the consequences of not addressing CVE-2025-1449?

Failing to address CVE-2025-1449 may result in unauthorized access or manipulation of the device inventory within the Rockwell Automation environment.

Vulnerability/
CVE-2025-1449

high

7.5

31/3/2025

1/4/2025

CVE-2025-1449: Admin Shell Access Vulnerability in Rockwell Automation Verve Asset Manager

First published: Mon Mar 31 2025(Updated: )

A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service.

Credit: PSIRT@rockwellautomation.com

Affected Software	Affected Version	How to fix
Rockwell Automation Verve Asset Manager

Remedy

Affected Product Affected Version(s) Corrected in Software Revision Verve Asset Manager <=1.39 V1.40

Never miss a vulnerability like this again

Reference Links

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1723.html

Frequently Asked Questions

What is the severity of CVE-2025-1449?
CVE-2025-1449 is classified as a medium severity vulnerability due to its potential impact on the security of the Rockwell Automation Verve Asset Manager.
How do I fix CVE-2025-1449?
To remediate CVE-2025-1449, ensure that sufficient variable sanitizing is implemented in the administrative web interface of the Verve Asset Manager.
What systems are affected by CVE-2025-1449?
CVE-2025-1449 affects the Rockwell Automation Verve Asset Manager, specifically the legacy Agentless Device Inventory capability.
Is CVE-2025-1449 being actively exploited?
As of now, there is no public information indicating that CVE-2025-1449 is being actively exploited in the wild.
What are the consequences of not addressing CVE-2025-1449?
Failing to address CVE-2025-1449 may result in unauthorized access or manipulation of the device inventory within the Rockwell Automation environment.

collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/remedy
agent/first-publish-date
agent/type
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/severity
agent/source
agent/tags
agent/event
vendor/rockwell automation
canonical/rockwell automation verve asset manager

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.