CVE 8.8 HIGH

Verve Asset Manager – Plaintext Storage Vulnerabilities_CVE-2025-14377

January 20, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H

Description

A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024.

AI Analysis

Plaintext secrets stored incorrectly when a playbook is running in the legacy Ansible playbook component

Basic Information

ID CVE-2025-14377

Source Rockwell

Published Jan 20, 2026 at 13:21

Affected Product

Vendor Rockwell Automation

Product Verve Asset Manager

Version 1.33 1.34 1.35 1.36 1.37 1.38 1.39 1.40 1.41 1.41.1 1.41.2 1.41.3

Affected Versions Rockwell Automation Verve Asset Manager 1.33 1.34 1.35 1.36 1.37 1.38 1.39 1.40 1.41 1.41.1 1.41.2 1.41.3

CWE Classification

CWE-312

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Rockwell Automation

Product Verve Asset Manager

Version 1.33, 1.34, 1.35, 1.36, 1.37, 1.38, 1.39, 1.40, 1.41, 1.41.1, 1.41.2, 1.41.3

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1767.html

{
    "lastseen": "",
    "description": "A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024.",
    "published": "2026-01-20T13:21:40.649Z",
    "modified": "2026-01-20T13:21:54.152Z",
    "type": "cve",
    "title": "Verve Asset Manager \u2013 Plaintext Storage Vulnerabilities",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1767.html",
    "id": "CVE-2025-14377",
    "bulletinFamily": "",
    "cwe": [
        "CWE-312"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation Verve Asset Manager 1.33   1.34   1.35   1.36   1.37   1.38   1.39   1.40   1.41  1.41.1   1.41.2   1.41.3",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Verve Asset Manager",
    "version": "1.33   1.34   1.35   1.36   1.37   1.38   1.39   1.40   1.41  1.41.1   1.41.2   1.41.3",
    "vendor": "Rockwell Automation",
    "ai_description": "Plaintext secrets stored incorrectly when a playbook is running in the legacy Ansible playbook component",
    "ai_severity": "High",
    "ai_vendor": "Rockwell Automation",
    "ai_product": "Verve Asset Manager",
    "ai_version": "1.33, 1.34, 1.35, 1.36, 1.37, 1.38, 1.39, 1.40, 1.41, 1.41.1, 1.41.2, 1.41.3",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply