CVE-2025-14376

Verve Asset Manager – Plaintext Storage Vulnerabilities

CVSS 8.6 HIGHEPSS 0.1%CWE-922

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.6EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

Produtos afetados

Rockwell Automation · Verve Asset Manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1767.html