Primary

Context

Verve Asset Manager Access Control Vulnerability

Vulnerability

An access control vulnerability has been identified in Verve Asset Manager versions 1.33 through 1.41.3. This vulnerability allows unauthorized read-only users to read, update, and delete user information via the API.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications and deletions of user data through the API.

Remediation

Users of Verve Asset Manager can upgrade to version 1.41.4 or 1.42 to address this vulnerability. For those unable to upgrade, it is recommended to remove any read-only accounts as an additional precaution.

Added: Nov 11, 2025, 2:19 PM

Updated: Nov 11, 2025, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Verve Asset Manager Access Control Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating