KEVIntel
Back to KEVs
5.8
CVSS
Medium

CVE-2025-25181

PUBLISHED

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL...

Exploited in the wild Remote Low complexity No user interaction
Vendor
Advantive
Product
VeraCore
Published
Feb 03, 2025
EPSS

Description

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

cisa

CVSS scores

CVSS v3.1 5.8 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2025-03-10 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Mar 10, 2025

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel