CVE-2025-25181

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL...

Basic Information

CVE State: PUBLISHED
Reserved Date: February 03, 2025
Published Date: February 03, 2025
Last Updated: March 14, 2025
Vendor: Advantive
Product: VeraCore
Description: A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

CVSS Scores

CVSS v3.1

5.8 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2025-03-10 00:00:00 UTC) Source

References

https://advantive.my.site.com/support/s/knowledge https://intezer.com/blog/research/xe-group-exploiting-zero-days/ https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-03-10 00:00:00 UTC