Two high-severity vulnerabilities in Advantive VeraCore, CVE-2024-57968 and CVE-2025-25181, have been actively exploited in the wild, with the XE Group leveraging these flaws in their recent campaigns. Both vulnerabilities were disclosed on February 3, 2025, and have since been added to CISA's Known Exploited Vulnerabilities (KEV) catalog as of March 10, 2025.
CVE-2024-57968, with a CVSS score of 8.8, allows remote authenticated users to upload files to unintended directories via the upload.aspx endpoint. This vulnerability, categorized under CWE-434, can lead to unauthorized file access, potentially exposing sensitive data to other users. The exploitation of this flaw was detected within 35 days of its disclosure, highlighting the urgency for affected organizations to address it.
CVE-2025-25181, rated with a CVSS of 7.5, involves a SQL injection vulnerability in the timeoutWarning.asp component. This flaw, identified under CWE-89, permits remote attackers to execute arbitrary SQL commands through the PmSess1 parameter, potentially compromising the integrity of the database and allowing unauthorized data manipulation.
The XE Group, known for their diverse cybercriminal activities, including credit card skimming, has been identified as exploiting these zero-day vulnerabilities. Their ability to quickly incorporate these flaws into their operations underscores the critical need for organizations using Advantive VeraCore to implement patches immediately.
Advantive has released updates to address these vulnerabilities, and organizations are urged to apply these patches without delay to mitigate potential risks. Security teams should prioritize monitoring for unusual file uploads and SQL queries to detect and respond to any exploitation attempts effectively.
CSURFACE