CVE-2025-25181

Published Feb 3, 2025

Last updated 20 days ago

Exploit knownCVSS medium 5.8

Overview

Description
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
Source
cve@mitre.org
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Advantive VeraCore SQL Injection Vulnerability
Exploit added on
Mar 10, 2025
Exploit action due
Mar 31, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@mitre.org
CWE-89
nvd@nist.gov
CWE-89

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2025-25181

    @transilienceai

    18 Mar 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2025-25181

    @transilienceai

    17 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2025-25181

    @transilienceai

    17 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2025-25181

    @transilienceai

    16 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-25181

    @transilienceai

    15 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-25181

    @transilienceai

    15 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-25181

    @transilienceai

    14 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2025-25181

    @transilienceai

    11 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-25181

    @transilienceai

    11 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. KEV追加 •CVE-2025-25181 •CVE-2024-57968 •CVE-2024-13159 •CVE-2024-13160 •CVE-2024-13161

    @Deer0nSecurity

    10 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. #CyberSecurity #Vulnerability XE Group Exploits Zero-Day Vulnerabilities in VeraCore – CVE-2024-57968 & CVE-2025-25181 https://t.co/YrdcmFIkmf

    @Komodosec

    8 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🏴‍☠️ El GrupoXE sería el responsable de explotar dos vulnerabilidades de día cero en la plataforma de gestión de almacenes de VeraCore, CVE-2025-25181 y CVE-2025-57968, con un conjunto de shells inversos y web shells. 🧉 https://t.co/QdNQ1rjUQ1

    @MarquisioX

    16 Feb 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 ALERT: XE Group exploits VeraCore Zero-Day vulnerabilities (CVE-2024-57968 & CVE-2025-25181) to deploy persistent web shells! 🚀 🔴 Organizations must update to version 2024.4.2.1+ ASAP! 🔍 Stay vigilant: Monitor file uploads, enforce strict access controls & deploy W

    @AekzIndia

    10 Feb 2025

    12 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. New post from https://t.co/uXvPWJy6tj (CVE-2025-25181 | Advantive VeraCore up to 2025.1.0 timeoutWarning.asp PmSess1 sql injection) has been published on https://t.co/G0VtDhPQCw

    @WolfgangSesin

    6 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 CVE Alert: Advantive VeraCore SQL injection Zero-day Vulnerability Exploited In the Wild 🚨 Vulnerability Details: CVE-2025-25181 (CVSS 5.8/10) Advantive VeraCore SQL injection Vulnerability Impact: A Successful exploit may allow a remote attacker to read, delete, modify… ht

    @CyberxtronTech

    6 Feb 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 SQL Injection Alert: CVE-2025-25181 🚨 Hey tech enthusiasts! 🌐🔒 A new vulnerability in Adventive Vera Core's timeoutWarning.asp is here, allowing remote SQL command execution via the PmSess1 parameter. Stay informed and secure! 📚🔍 . #ahmedmansourcsofficia #sqlinjection

    @CsAhmedmansour

    4 Feb 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-25181 SQL Injection in Advantive VeraCore timeoutWarning.asp Enables Remote SQL Command Execution https://t.co/21Kv2V9UaU

    @VulmonFeeds

    4 Feb 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2025-25181 A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 p… https://t.co/YXNknKiYOO

    @CVEnew

    3 Feb 2025

    429 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References