Rockwell Automation encountered a high-severity security vulnerability (CVE-2025-1449) in its Verve Asset Manager, affecting all versions up to 1.39. The flaw, due to inadequate input sanitization, could let attackers with administrative privileges execute arbitrary commands. With a CVSS base score of 9.1, the vulnerability poses a critical risk, potentially enabling the disruption of industrial processes, unauthorized access to sensitive data, or long-term presence within the network. Rockwell has released a patch in version 1.40 and recommends immediate upgrading to mitigate the issue.
Source: https://cybersecuritynews.com/rockwell-automation-vulnerability-let-attackers-gain-access/
"id": "roc602040125",
"linkid": "rockwell-automation",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"