CVE-2025-25181
published 2025-02-03


Priority: P1 · 83 · high
CVSS 3.1: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
KEV: CISA Known Exploited Vulnerability, due 2025-03-31
ITW: Exploited in the wild
EPSS: 50.38% (98.8th percentile)

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

Affected

2 ranges
Vendor      Product     Version range    Fixed in
advantive   veracore    < 2025.1.1.3     2025.1.1.3
advantive   veracore    <= 2025.1.0

Detection & IOCs (extracted from sources)

path: timeoutWarning.asp
other: PmSess1
  • Monitor HTTP requests targeting timeoutWarning.asp with anomalous or SQL-syntax-containing values in the PmSess1 parameter, which is the injection point for this vulnerability.
  • This vulnerability is actively exploited in the wild (CISA KEV listed); prioritize detection and alerting on any access to timeoutWarning.asp from external/remote sources.
  • Vulnerability affects Advantive VeraCore through version 2025.1.0; patched in version 2025.1.1.3 per vendor release notes.
  • Vendor patch reference is available at the Advantive support portal release notes for version 2025.1.1.3.

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck: 5.8 MEDIUM
cisa: 7.5 HIGH