CVE 8.6 HIGH

Verve Asset Manager – Plaintext Storage Vulnerabilities_CVE-2025-14376

January 20, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

Description

A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.

AI Analysis

Plaintext secrets stored in environment variables on the ADI server

Basic Information

ID CVE-2025-14376

Source Rockwell

Published Jan 20, 2026 at 13:18

Affected Product

Vendor Rockwell Automation

Product Verve Asset Manager

Version 1.33 1.34 1.35 1.36 1.37 1.38 1.39 1.40 1.41 1.41.1 1.41.2 1.41.3

Affected Versions Rockwell Automation Verve Asset Manager 1.33 1.34 1.35 1.36 1.37 1.38 1.39 1.40 1.41 1.41.1 1.41.2 1.41.3

CWE Classification

CWE-922

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Rockwell Automation

Product Verve Asset Manager

Version 1.33, 1.34, 1.35, 1.36, 1.37, 1.38, 1.39, 1.40, 1.41, 1.41.1, 1.41.2, 1.41.3

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1767.html

{
    "lastseen": "",
    "description": "A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI\u00a0server. This component has been retired and has been optional since the 1.36 release in 2024.",
    "published": "2026-01-20T13:18:32.484Z",
    "modified": "2026-01-20T13:18:32.484Z",
    "type": "cve",
    "title": "Verve Asset Manager \u2013 Plaintext Storage Vulnerabilities",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1767.html",
    "id": "CVE-2025-14376",
    "bulletinFamily": "",
    "cwe": [
        "CWE-922"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation Verve Asset Manager 1.33   1.34   1.35   1.36   1.37   1.38   1.39   1.40   1.41  1.41.1   1.41.2   1.41.3",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Verve Asset Manager",
    "version": "1.33   1.34   1.35   1.36   1.37   1.38   1.39   1.40   1.41  1.41.1   1.41.2   1.41.3",
    "vendor": "Rockwell Automation",
    "ai_description": "Plaintext secrets stored in environment variables on the ADI server",
    "ai_severity": "High",
    "ai_vendor": "Rockwell Automation",
    "ai_product": "Verve Asset Manager",
    "ai_version": "1.33, 1.34, 1.35, 1.36, 1.37, 1.38, 1.39, 1.40, 1.41, 1.41.1, 1.41.2, 1.41.3",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply