cve 2025 11862

About this tag
CVE-2025-11862 is a critical privilege escalation vulnerability in Rockwell Automation's Verve Asset Manager. The flaw allows read-only API users to perform administrative actions such as reading, updating, and deleting user accounts. With a CVSS v3.1 score of 9.9, it is considered extremely severe. Rockwell discovered the issue internally and released patches in Verve Asset Manager versions 1.41.4 and 1.42. Organizations using affected builds should prioritize applying the fix immediately to prevent unauthorized access and account manipulation.
  1. CVE-2025-11862: Verve Asset Manager Read-Only API Privilege Escalation Patch Now

    Rockwell Automation has released a security advisory confirming a serious access-control vulnerability in Verve Asset Manager that lets read-only API users perform administrative actions on user accounts — including reading, updating, and deleting users. Tracked as CVE-2025-11862, the bug is...