CVE-2025-25181
published 2025-02-03CVE-2025-25181: A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the…
PriorityP183high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2025-03-31
Exploited in the wild
EPSS
50.38%
98.8th percentile
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantive | veracore | < 2025.1.1.3 | 2025.1.1.3 |
| advantive | veracore | <= 2025.1.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests targeting timeoutWarning.asp with anomalous or SQL-syntax-containing values in the PmSess1 parameter, which is the injection point for this vulnerability. ↗
- →This vulnerability is actively exploited in the wild (CISA KEV listed); prioritize detection and alerting on any access to timeoutWarning.asp from external/remote sources. ↗
- ·Vulnerability affects Advantive VeraCore through version 2025.1.0; patched in version 2025.1.1.3 per vendor release notes. ↗
- ·Vendor patch reference is available at the Advantive support portal release notes for version 2025.1.1.3. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck5.8MEDIUM
cisa7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Advantive VeraCore SQL Injection Vulnerability
cisa·2025-03-10·CVSS 7.5
CVE-2025-25181 [HIGH] CWE-89 Advantive VeraCore SQL Injection Vulnerability
Vulnerability: Advantive VeraCore SQL Injection Vulnerability
Affected: Advantive VeraCore
Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://advantive.my.site.com/support/s/article/Veracore-Release-Notes-2025-1-1-3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-25181
Remediation Due Date: 2025-03-31
GHSA
GHSA-6g37-4665-5v4w: A SQL injection vulnerability in timeoutWarning
ghsa_unreviewed·2025-02-03
CVE-2025-25181 [MEDIUM] CWE-89 GHSA-6g37-4665-5v4w: A SQL injection vulnerability in timeoutWarning
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
VulnCheck
Advantive VeraCore SQL Injection Vulnerability
vulncheck·2025·CVSS 5.8
CVE-2025-25181 [MEDIUM] CWE-89 Advantive VeraCore SQL Injection Vulnerability
Advantive VeraCore SQL Injection Vulnerability
Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter.
Affected: Advantive VeraCore
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://intezer.com/blog/research/xe-group-exploiting-zero-days/; https://www.cybersecurity-help.cz/vdb/SB2025020546; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.loginsoft.com/reports/annually/vulnerability-intelligence-report-2025
Remediation Due: 2025-03-31
No detection rules found.
No public exploits indexed.
https://advantive.my.site.com/support/s/knowledgehttps://intezer.com/blog/research/xe-group-exploiting-zero-days/https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-25181
2025-02-03
Published
2025-03-10
Added to CISA KEV
Exploited in the wild