SQL Injection Vulnerability in Advantive VeraCore
CVE-2025-25181

5.8MEDIUM

Key Information:

Vendor: Advantive
Status: Veracore
Vendor: CVE Published:; 3 February 2025

Badges

👾 Exploit Exists📰 News Worthy

Summary

A SQL injection vulnerability exists in the timeoutWarning.asp file of Advantive VeraCore, affecting versions up to 2025.1.0. This vulnerability enables remote attackers to execute arbitrary SQL commands by injecting malicious input through the PmSess1 parameter. Exploiting this flaw can lead to unauthorized data access, manipulation, or loss, highlighting the importance of securing web applications against SQL injection attacks.

Affected Version(s)

VeraCore 0 <= 2025.1.0

News Articles

Help Net Security

CVE-2025-0411 CVE-2025-25181

Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Russian cybercrooks exploiting 7-Zip zero-day

2 weeks ago

thmubnail image

Help Net Security

CVE-2025-25181 CVE-2024-57968

Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) - Help Net Security

Cybercriminal outfit XE Group has been quietly exploiting zero-day vulnerabilities (CVE-2025-25181, CVE-2024-57968) in VeraCore software.

2 weeks ago

thmubnail image

References

https://advantive.my.site.com/support/s/knowledge

https://intezer.com/blog/research/xe-group-exploiting-zer...

https://www.solissecurity.com/en-us/insights/xe-group-fro...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Feb 5, 2025
📰
First article discovered by Help Net Security
Feb 5, 2025
Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Feb 3, 2025

.