PT-2026-3556 · Widen · Verve Asset Manager
Published
2026-01-20
·
Updated
2026-01-20
·
CVE-2025-14376
CVSS v4.0
8.6
High
| Vector | AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Verve Asset Manager versions prior to 1.36
Description
A security issue exists in the legacy ADI server component of Verve Asset Manager. The issue involves the storage of plaintext secrets in environment variables on the ADI server. This component was retired and became optional with the 1.36 release in 2024. The vulnerable component does not involve any API endpoints or specific parameters.
Recommendations
Update to version 1.36 or later to eliminate the use of the legacy ADI server component.
Fix
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Verve Asset Manager