Auth bypass in Rockwell Automation Verve Asset Manager

CVE-2025-11862

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.

Vulnerability class: Broken Access Control

EPSS: 0.003 (23.2th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References