CVE-2025-11862

Summary

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationVerve Asset Manager1.33, 1.34, 1.35, 1.36, 1.37, 1.38, 1.39, 1.40, 1.41, 1.41.1, 1.41.2, 1.41.3affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References