<ul><li>A vulnerability identified as CVE-2025-1449 allows admin-level threat actors to run arbitrary commands within Rockwell Automation Verve Asset Manager products.</li><li>The flaw, with low attacker complexity, arises from improper input validation in Verve's deprecated Legacy Agentless Device Inventory feature.</li><li>CVE-2025-1449 impacts product versions 1.39 and earlier, but the vendor has released a fix in version 1.40.</li><li>Mitigation measures include restricting network exposure, using firewalls, and applying secure remote access methods like VPNs.</li></ul>

CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary Commands

Discover more