CVE-2025-25181 - Advantive VeraCore SQL Injection Vulnerability
Project:Advantive
Product:VeraCore
Date Added:2025-03-10Due Date:2025-03-31
Vulnerability Name
Advantive VeraCore SQL Injection Vulnerability
Description
Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://advantive.my.site.com/support/s/article/Veracore-Release-Notes-2025-1-1-3
https://nvd.nist.gov/vuln/detail/CVE-2025-25181
Related News Articles
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV ListMarch 11, 2025
