CVE-2025-1449 Information

Description

A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve’s Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service.

Reference

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1723.html