CVE-2025-11862 HIGH

CVE-2025-11862: Verve Asset Manager Access Control Vulnerability

Vendor Rockwell Automation

Product Verve Asset Manager

Weakness CWE-863 · Incorrect authorization

Published November 11, 2025

Last update November 12, 2025

CVSS base score

8.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:L/SA:H

What the vulnerability does

01Description

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.

Key dates

November 11, 2025 CVE published

November 12, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-11862

CWE CWE-863

CVSS 8.4 / HIGH

Vendor Rockwell Automation

Product Verve Asset Manager

Affected 1.33, 1.34, 1.35, 1.36, 1.37, 1.38, 1.39, 1.40, 1.41, 1.41.1, 1.41.2, 1.41.3