Two high-severity vulnerabilities in Advantive VeraCore, CVE-2024-57968 and CVE-2025-25181, have been actively exploited in the wild, prompting urgent attention from security teams. Both vulnerabilities were disclosed on February 3, 2025, and have since been added to the Known Exploited Vulnerabilities (KEV) catalog on March 10, 2025, underscoring their critical nature.
CVE-2024-57968, with a CVSS score of 8.8, allows remote authenticated users to upload files to unintended directories via the upload.aspx endpoint. This flaw, categorized under CWE-434, can lead to unauthorized access to sensitive files, potentially exposing them to other users. The vulnerability was exploited within 35 days of its disclosure, highlighting the rapid pace at which attackers have leveraged this flaw.
CVE-2025-25181, scoring 7.5 on the CVSS scale, involves a SQL injection vulnerability in the timeoutWarning.asp component. This vulnerability allows remote attackers to execute arbitrary SQL commands through the PmSess1 parameter, posing a significant risk of data manipulation or exfiltration. Like CVE-2024-57968, this vulnerability was also exploited within 35 days of disclosure.
Both vulnerabilities have been exploited by cybercriminals, as reported by Help Net Security, indicating a coordinated effort to target Advantive VeraCore systems. Organizations using VeraCore should prioritize patching these vulnerabilities immediately to mitigate potential risks. Security teams are advised to verify their systems for any signs of compromise and ensure that all patches are applied promptly to prevent further exploitation.
CSURFACE