Rockwell Automation has released a critical security advisory addressing a severe privilege escalation vulnerability (CVE-2025-11862, CVSS 9.9) discovered in its Verve Asset Manager platform — a unified OT cybersecurity system widely used for industrial control system (ICS) visibility, vulnerability management, and security automation.
The flaw, uncovered internally during routine security testing, could allow read-only users to escalate privileges and manipulate user accounts, potentially leading to full system compromise.
Tracked as CVE-2025-11862, the flaw resides in the Verve Asset Manager API, which fails to properly enforce authorization controls. This allows users with read-only privileges to perform administrative operations, including reading, updating, and deleting other user accounts.
“A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API,” the advisory confirmed.
Such a flaw effectively bypasses access restrictions, enabling attackers with limited access to escalate privileges, disrupt security workflows, or delete administrator accounts to deny operational access.
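As an added example that is not Rockwell's code (the real Verve Asset Manager API, its role names and its endpoints are not described here and are assumed), a minimal Python model of the bug class: a user-management endpoint that authenticates the caller but never checks the caller's role, beside the same endpoint with server-side authorization enforced.

```python
"""Constructed model of the advisory's bug class: an API that authenticates the caller
but never checks whether the caller's role permits user-management operations."""
from dataclasses import dataclass, field

# Constructed role-to-permission map; the product's real roles are not given on the page.
ROLE_PERMISSIONS = {
    "admin": {"users:read", "users:update", "users:delete"},
    "read_only": set(),  # a read-only role should reach no user-management operation
}


class Forbidden(Exception):
    """Raised when the caller's role lacks the permission an endpoint requires."""


def require(role: str, permission: str) -> None:
    """Central authorization gate: deny unless the role explicitly grants the permission."""
    if permission not in ROLE_PERMISSIONS.get(role, set()):
        raise Forbidden(f"role {role!r} lacks {permission}")


@dataclass
class UserApi:
    users: dict = field(default_factory=dict)  # username -> role (doubles as session table)

    def _authenticate(self, caller: str) -> str:
        """Return the caller's role, or fail if the caller is unknown."""
        if caller not in self.users:
            raise Forbidden("unauthenticated")
        return self.users[caller]

    # Vulnerable pattern: authentication only. Any logged-in user, a read-only one
    # included, can delete any account, which is the behaviour the advisory describes.
    def delete_user_unchecked(self, caller: str, target: str) -> bool:
        self._authenticate(caller)
        return self.users.pop(target, None) is not None

    # Hardened pattern: the same endpoint with the role check enforced server-side.
    def delete_user(self, caller: str, target: str) -> bool:
        role = self._authenticate(caller)
        require(role, "users:delete")
        return self.users.pop(target, None) is not None


def demo() -> tuple:
    """Returns (read_only_deleted_admin_via_unchecked, read_only_refused_by_hardened)."""
    deleted = UserApi({"alice": "admin", "bob": "read_only"}).delete_user_unchecked("bob", "alice")
    try:
        UserApi({"alice": "admin", "bob": "read_only"}).delete_user("bob", "alice")
        refused = False
    except Forbidden:
        refused = True
    return deleted, refused
```

The fix is structural: every user-management operation passes through one authorization gate keyed on an explicit permission, so a new endpoint cannot silently skip the check.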
Given Verve Asset Manager’s role in managing critical OT network visibility and automation tasks, exploitation could result in major operational disruptions in industrial environments, including energy, manufacturing, and utilities.
The vulnerability impacts multiple builds of Verve Asset Manager — specifically versions 1.33 through 1.41.3. Rockwell has issued a patch in version 1.41.4 and later (including 1.42), which fully mitigates the issue.
Rockwell strongly urges all customers to update immediately to the patched versions to prevent unauthorized access or modification via API endpoints.