Vulnerability Description
A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service.
References
FAQ
What is CVE-2025-1449?
CVE-2025-1449 is a documented vulnerability. A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Invento...
How severe is CVE-2025-1449?
CVSS scoring is not yet available for CVE-2025-1449. Check NVD for updates.
Is there a patch for CVE-2025-1449?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.