A high-severity security vulnerability (CVE-2025-1449) affecting its Verve Asset Manager product could allow attackers with administrative access to execute arbitrary commands. The company’s security advisory (SD1723) provides additional technical details and guidance for affected customers, including access to Vulnerability Exploitability Exchange format documentation for the CVE-2025-1449 vulnerability. For customers unable to immediately upgrade, Rockwell recommends applying security best practices where possible, although they note that no specific workarounds are available for this vulnerability. The ability to execute arbitrary commands could potentially allow attackers to disrupt industrial processes, access sensitive information, or establish persistence within affected networks. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This vulnerability allows threat actors with administrative privileges to execute arbitrary commands within the context of the container that runs the service. The advisory confirms that while this is a critical vulnerability, it has not been added to CISA’s Known Exploited Vulnerability (KEV) database, suggesting there is no evidence of active exploitation in the wild as of the publication date. Industrial organizations using Rockwell Automation’s Verve Asset Manager should conduct immediate risk assessments and prioritize remediation based on their exposure and the criticality of systems running the vulnerable software. The vulnerability, discovered in versions 1.39 and earlier, has been assigned a CVSS Base Score of 9.1 (v3.1), indicating critical severity and significant potential impact. Rockwell Automation stated that customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization for remediation planning.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Apr 2025 14:25:04 +0000