Verve Asset Manager Access Control Vulnerability_CVE-2025-11862

8.4 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:L/SA:H

Description

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.

Basic Information

ID CVE-2025-11862

Source Rockwell

Published Nov 11, 2025 at 13:43

Affected Product

Vendor Rockwell Automation

Product Verve Asset Manager

Version 1.33, 1.34, 1.35, 1.36, 1.37, 1.38, 1.39, 1.40, 1.41, 1.41.1, 1.41.2, 1.41.3

Affected Versions Rockwell Automation Verve Asset Manager 1.33, 1.34, 1.35, 1.36, 1.37, 1.38, 1.39, 1.40, 1.41, 1.41.1, 1.41.2, 1.41.3

CWE Classification

CWE-863

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1759.html

{
    "lastseen": "",
    "description": "A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.",
    "published": "2025-11-11T13:43:10.584Z",
    "modified": "2025-11-11T13:43:10.584Z",
    "type": "cve",
    "title": "Verve Asset Manager Access Control Vulnerability",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1759.html",
    "id": "CVE-2025-11862",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation Verve Asset Manager 1.33,  1.34,  1.35,  1.36,  1.37,  1.38,  1.39,  1.40,  1.41, 1.41.1,  1.41.2,  1.41.3",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:L/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Verve Asset Manager",
    "version": "1.33,  1.34,  1.35,  1.36,  1.37,  1.38,  1.39,  1.40,  1.41, 1.41.1,  1.41.2,  1.41.3",
    "vendor": "Rockwell Automation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}