CVE-2025-1449

A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve’s Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service.

Assigner : PSIRT@rockwellautomation.com

More information : https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1723.html