Critical Rockwell Automation Verve Asset Manager Vulnerability (CVE-2025-1449) – Protect Your Systems

1. Executive Summary​

• Vulnerability: Improper Validation of Specified Type of Input (CWE-1287)
• CVSS v4 Score: 8.9 (High)
• CVSS v3.1 Score: 9.1 (Critical)
• Published: March 25, 2025
• Exploitability: Remotely exploitable with low attack complexity

2. Risk Evaluation​

• An attacker with administrative access could run arbitrary commands in the context of the container running the Verve Asset Manager service.

3. Technical Details​

• Affected Products: Verve Asset Manager, Versions 1.39 and prior
• Vulnerability: Insufficient sanitizing of variables in the administrative web interface for the Legacy Active Directory Interface (ADI, deprecated since v1.36). This allows an admin-level attacker to run arbitrary commands.

4. CVE and Scores​

• CVE: CVE-2025-1449
• CVSS v3.1 Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (Score: 9.1)
• CVSS v4 Vector: AV:N/AC:L/AT/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H (Score: 8.9)

5. Affected Sectors & Background​

• Sectors: Critical Manufacturing (deployed worldwide)
• Vendor Headquarters: United States

6. Mitigations​

• Fixed in Version: 1.40 (Users are urged to upgrade)
• Best Practices (if upgrade is not possible):
• Minimize network exposure; ensure devices are not accessible from the internet.
• Locate control system networks behind firewalls; isolate from business networks.
• Use secure remote access (like VPNs), but keep VPNs updated.
• Further Resources: See Rockwell Automation’s security advisory and CISA's ICS resources and best practices.

7. General Recommendations​

• Conduct proper impact analysis and risk assessment.
• Monitor for suspicious activity and report incidents to CISA.
• Be vigilant against phishing and social engineering attacks.

8. Exploitation Status​

• No public exploitation has been reported to CISA at this time.