PatchSiren cyber security CVE debrief
CVE-2025-1449 Rockwell Automation CVE debrief
CVE-2025-1449 is a critical vulnerability in Rockwell Automation Verve Asset Manager affecting versions 1.39 and earlier. In the Legacy Active Directory Interface (ADI) administrative web interface, an inadequately sanitized variable can be modified by an authenticated administrative user, creating a path to arbitrary command execution inside the container running the service. Rockwell Automation reports the issue is corrected in version 1.40; the Legacy ADI capability has been described as deprecated since the 1.36 release.
- Vendor: Rockwell Automation
- Product: Verve Asset Manager
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-25
- Original CVE updated: 2025-03-25
- Advisory published: 2025-03-25
- Advisory updated: 2025-03-25
Who should care
Industrial control system administrators, Rockwell Automation Verve Asset Manager owners, OT security teams, and anyone operating or reviewing the product’s administrative web interface—especially environments that still rely on the deprecated Legacy ADI capability.
Technical summary
The advisory describes an insufficient variable sanitization issue in the portion of Verve Asset Manager's administrative web interface tied to Legacy ADI. The stated impact is command execution in the context of the service container. The provided CVSS vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) says two things worth reading together: the attacker must already hold administrative privileges on the web interface (PR:H), but a successful exploit crosses a security boundary (S:C), from the web application into the service container, with full loss of confidentiality, integrity and availability there. That scope change is what keeps the score in the critical band despite the high-privilege precondition. The affected product scope in the supplied CSAF data is Rockwell Automation Verve Asset Manager <= 1.39, with remediation in 1.40.
Defensive priority
High. The vulnerability is rated 9.1/CRITICAL in the supplied data and can lead to arbitrary command execution if an attacker already has administrative access. Prioritize patching and access restriction for any exposed administrative interface, especially where Legacy ADI remains enabled or in use.
Recommended defensive actions
- Upgrade Rockwell Automation Verve Asset Manager to version 1.40 or later.
- If immediate upgrade is not possible, restrict administrative access to the Verve Asset Manager interface to only trusted management networks and users.
- Review whether Legacy ADI is still needed; reduce or disable use of deprecated functionality where operationally feasible.
- Apply Rockwell Automation's security advisory guidance and general ICS security best practices.
- Monitor administrative activity and container/service logs for unexpected changes to the Legacy ADI configuration and for command execution indicators inside the service container.
- Inventory every deployment and confirm that none is still running version 1.39 or earlier.
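The version check in the actions above is easy to get wrong when versions are compared as strings, since "1.40" sorts before "1.5" lexically. The following is an added example (not the vendor's tooling and not from the advisory) that compares dotted versions numerically against the CSAF range of <= 1.39 and ranks hosts for remediation. The inventory CSV is constructed for the example; the `legacy_adi_enabled` column and the assumption that a deployment reports its version as a plain dotted string are both assumptions, since the advisory does not say how either is exposed.

```python
"""Triage inventoried Verve Asset Manager hosts against CVE-2025-1449.

Added example, not from the advisory or Rockwell Automation. The affected
range (<= 1.39) and fixed version (1.40) come from the CSAF data; the
inventory format and the legacy_adi_enabled flag are assumptions.
"""
import csv
import io
import re

AFFECTED_MAX = "1.39"      # CSAF product range: <= 1.39
FIXED_VERSION = "1.40"     # first corrected release per the advisory

# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = """host,version,legacy_adi_enabled
vam-plant-a,1.39,yes
vam-plant-b,1.40,no
vam-lab,1.36.2,yes
vam-dr,1.5,no
"""


def parse_version(text: str) -> tuple:
    """Convert '1.39', 'v1.40.2', ... into a tuple of ints.

    Tuples compare numerically component by component, so 1.40 > 1.5,
    whereas the strings '1.40' < '1.5' would put the newer release first.
    """
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version: str, affected_max: str = AFFECTED_MAX) -> bool:
    """True when version is inside the advisory's '<= affected_max' range.

    The candidate is truncated to the precision of the bound, so a
    hypothetical 1.39.x build is treated as 1.39 and therefore affected.
    That is the conservative reading of '<= 1.39' (an assumption; the
    CSAF data does not enumerate patch-level builds).
    """
    bound = parse_version(affected_max)
    candidate = parse_version(version)[: len(bound)]
    return candidate <= bound


def triage(inventory_csv: str) -> list:
    """One record per host, most urgent first."""
    records = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        affected = is_affected(row["version"])
        legacy_adi = row["legacy_adi_enabled"].strip().lower() == "yes"
        if affected and legacy_adi:
            rank, action = 0, f"upgrade to {FIXED_VERSION} now; Legacy ADI still enabled"
        elif affected:
            rank, action = 1, f"upgrade to {FIXED_VERSION}; restrict admin access meanwhile"
        else:
            rank, action = 2, "outside affected range; verify version and close"
        records.append({
            "host": row["host"],
            "version": row["version"],
            "affected": affected,
            "legacy_adi": legacy_adi,
            "rank": rank,
            "action": action,
        })
    records.sort(key=lambda r: r["rank"])   # stable sort keeps input order within a rank
    return records


if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        print(f"{r['host']:<12} {r['version']:<7} {r['action']}")
```

On the sample inventory the two hosts with Legacy ADI enabled come out first, the 1.5 host is flagged as affected even though a string comparison would have called it newer than 1.40, and only the 1.40 host is cleared.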
Evidence notes
All claims here are taken from the supplied CISA CSAF advisory data for ICSA-25-084-02 / CVE-2025-1449, published and modified on 2025-03-25. The source states the issue affects Verve Asset Manager <= 1.39, involves insufficient variable sanitizing in the Legacy ADI administrative web interface, and is corrected in version 1.40. No KEV listing was provided in the source corpus.
Official resources
- CVE-2025-1449 CVE record (CVE.org)
- CVE-2025-1449 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (seven further references cited by the CSAF advisory)
Publicly disclosed in CISA advisory ICSA-25-084-02 on 2025-03-25. The supplied data does not indicate KEV listing or known ransomware campaign use.