CVE-2025-14377 | THREATINT

Description

A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024.

PUBLISHED Reserved 2025-12-09 | Published 2026-01-20 | Updated 2026-01-20 | Assigner Rockwell

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H

Problem types

CWE-312: Cleartext Storage of Sensitive Information

Product status

Default status

unaffected

1.33 1.34 1.35 1.36 1.37 1.38 1.39 1.40 1.41 1.41.1 1.41.2 1.41.3

affected

References

www.rockwellautomation.com/...dvisories/advisory.SD1767.html

cve.org (CVE-2025-14377)

nvd.nist.gov (CVE-2025-14377)

Download JSON