CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
Tech News

CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List

3 Min Read
3 Min Read

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added 5 safety flaws impacting Advantive VeraCore and Ivanti Endpoint Supervisor (EPM) to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of lively exploitation within the wild.

The record of vulnerabilities is as follows –

  • CVE-2024-57968 – An unrestricted file add vulnerability in Advantive VeraCore that permits a distant unauthenticated attacker to add recordsdata to unintended folders by way of add.apsx
  • CVE-2025-25181 – An SQL injection vulnerability in Advantive VeraCore that permits a distant attacker to execute arbitrary SQL instructions
  • CVE-2024-13159 – An absolute path traversal vulnerability in Ivanti EPM that permits a distant unauthenticated attacker to leak delicate data
  • CVE-2024-13160 – An absolute path traversal vulnerability in Ivanti EPM that permits a distant unauthenticated attacker to leak delicate data
  • CVE-2024-13161 – An absolute path traversal vulnerability in Ivanti EPM that permits a distant unauthenticated attacker to leak delicate data

The exploitation of VeraCore vulnerabilities has been attributed to probably a Vietnamese menace actor named XE Group, which has been noticed dropping reverse shells and internet shells to keep up persistent distant entry to compromised programs.

However, there are at the moment no public experiences about how the three Ivanti EPM flaws are being weaponized in real-world assaults. A proof-of-concept (PoC) exploit was launched by Horizon3.ai final month. The cybersecurity firm described them as “credential coercion” bugs that might enable an unauthenticated attacker to compromise the servers.

In mild of lively exploitation, it is important that Federal Civilian Govt Department (FCEB) companies apply the mandatory patches by March 31, 2025.

See also  How Datto BCDR Delivers Unstoppable Business Continuity

The event comes as menace intelligence agency GreyNose warned of mass exploitation of CVE-2024-4577, a essential vulnerability impacting PHP-CGI, with spikes in assault exercise focusing on Japan, Singapore, Indonesia, the UK, Spain, and India.

“Greater than 43% of IPs focusing on CVE-2024-4577 previously 30 days are from Germany and China,” GreyNoise mentioned, including it “detected a coordinated spike in exploitation makes an attempt in opposition to networks in a number of international locations, suggesting extra automated scanning for susceptible targets” in February.

TAGGED:
Share This Article
Leave a comment

Latest News

mm
AI Doesn’t Necessarily Give Better Answers If You’re Polite
Tech News
A Times investigation: LAFD union head made $540,000 in a year, with huge overtime payouts
A Times investigation: LAFD union head made $540,000 in a year, with huge overtime payouts
Politics
Customer Account Takeovers
The Multi-Billion Dollar Problem You Don’t Know About
Tech News
Elon Musk DOGE
Goldman Sachs: Hedge Funds Make Shocking Bank Stock Move
Crypto
Honkai Star Rail current banner, next banner, and 3.3 banners
Honkai Star Rail current banner, next banner, and 3.3 banners
Gaming
BJ Novak’s Girlfriend: 5 Things About Delaney Rowe
BJ Novak’s Girlfriend: 5 Things About Delaney Rowe
Celebrity
California's economy is now the 4th largest in the world ... or is it?
California's economy is now the 4th largest in the world … or is it?
Business