CVE-2025-14376— Verve Asset Manager – Plaintext Storage Vulnerabilities
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-14376
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Verve Asset Manager – Plaintext Storage Vulnerabilities
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感信息的不安全存储
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rockwell Automation Verve Asset Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rockwell Automation Verve Asset Manager是美国罗克韦尔(Rockwell Automation)公司的一个供应商中立的 OT 端点管理平台。 Rockwell Automation Verve Asset Manager存在安全漏洞,该漏洞源于ADI服务器组件在环境变量中存储明文密钥。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rockwell Automation | Verve Asset Manager | 1.33 1.34 1.35 1.36 1.37 1.38 1.39 1.40 1.41 1.41.1 1.41.2 1.41.3 | - |
II. Public POCs for CVE-2025-14376
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-14376
请登录查看更多情报信息。
Same Patch Batch · Rockwell Automation · 2026-01-20 · 13 CVEs total
| CVE-2025-9283 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | |
| CVE-2025-9282 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | |
| CVE-2025-9281 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | |
| CVE-2025-9280 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | |
| CVE-2025-14027 | Rockwell Automation Recommends Upgrading From 1756-RM2 XT To 1756-RM3 XT | |
| CVE-2025-9279 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | |
| CVE-2025-9278 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | |
| CVE-2025-9466 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | |
| CVE-2025-11743 | Rockwell Automation CompactLogix® 5370 Denial of Service Vulnerability | |
| CVE-2025-9465 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | |
| CVE-2025-9464 | Rockwell Automation ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | |
| CVE-2025-14377 | Verve Asset Manager – Plaintext Storage Vulnerabilities |
IV. Related Vulnerabilities
Same vendor: Rockwell Automation
- CVE-2025-9283
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-9282
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-9281
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-9280
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-14027
Rockwell Automation Recommends Upgrading From 1756-RM2 XT To
Same weakness: CWE-922
- CVE-2026-40868
kyverno apicall servicecall implicit bearer token injection - CVE-2026-26152
Microsoft Cryptographic Services Elevation of Privilege Vuln - CVE-2026-5666
code-projects Online FIR System SQL Database Backup File com - CVE-2026-5650
code-projects Online Application System for Admission oas.sq - CVE-2025-10734
ReviewX – WooCommerce Product Reviews with Multi-Criteria, R
V. Comments for CVE-2025-14376
No comments yet