Ethical Hacking News
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Advantive VeraCore and Ivanti Endpoint Manager (EPM) flaws to its Known Exploited Vulnerabilities catalog, warning organizations to address these vulnerabilities as soon as possible.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including Advantive VeraCore and Ivanti Endpoint Manager (EPM) flaws. A Vietnamese cybercrime group, XE Group, has been observed exploiting CVE-2025-25181 and CVE-2024-57968 in Advantive VeraCore to gain unauthorized access and maintain persistent remote access. The Ivanti EPM flaws CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161, which allow attackers to traverse absolute paths on the file system, have also been added to the KEV catalog. Experts warn organizations to review their infrastructure and address these vulnerabilities as soon as possible; federal agencies have until March 31, 2025, to fix them in their systems. Organizations must prioritize their cybersecurity posture by implementing robust security controls, conducting regular vulnerability assessments, and staying up to date with the latest security patches and software updates.
The cybersecurity landscape is becoming increasingly complex and dynamic, with new threats emerging on a daily basis. In recent times, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including Advantive VeraCore and Ivanti Endpoint Manager (EPM) flaws. This development is part of a larger trend of vulnerabilities being exploited by threat actors, highlighting the need for organizations to prioritize their cybersecurity posture.
One vulnerability that has drawn significant attention is CVE-2025-25181, which affects Advantive VeraCore. According to reports, this vulnerability allows attackers to inject malicious SQL code, potentially leading to unauthorized access and data breaches. Vietnamese cybercrime group XE Group has been observed exploiting this vulnerability, deploying reverse shells and web shells to maintain persistent remote access.
Another vulnerability that has been added to the KEV catalog is CVE-2024-57968, which also affects Advantive VeraCore. This vulnerability allows attackers to upload malicious files without restriction, potentially leading to data breaches and other forms of exploitation. XE Group has also been observed exploiting this vulnerability as part of its campaign.
The Ivanti EPM flaws CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161 have also been added to the KEV catalog. These vulnerabilities allow attackers to traverse absolute paths on the file system, potentially leading to unauthorized access and data breaches. However, no security firm has publicly reported the exploitation of these flaws in real-world attacks.
Experts are warning organizations to review their infrastructure and address these vulnerabilities as soon as possible. According to the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies have until March 31, 2025, to fix these vulnerabilities in their systems.
In light of this development, organizations should take proactive measures to strengthen their cybersecurity posture. This includes implementing robust security controls, conducting regular vulnerability assessments, and staying up to date with the latest security patches and software updates.
Furthermore, CISA has emphasized the importance of addressing known exploited vulnerabilities, citing the risks these flaws pose when exploited. According to the BOD, agencies must address identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
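The due-date tracking described above can be automated. The following is an added example, not code from the article or from CISA: it joins a constructed excerpt in the KEV catalog's JSON field layout against a hypothetical asset inventory and ranks unremediated hosts by days left until the due date. The host names, the `remediated` field and the assumption that inventory vendor and product names match the catalog's spelling are illustrative.

```python
import json
from datetime import date

# Constructed excerpt using KEV catalog JSON field names; the CVE IDs, products
# and due date are the ones named in the article, everything else is omitted.
KEV_EXCERPT = json.loads("""{"vulnerabilities": [
 {"cveID":"CVE-2025-25181","vendorProject":"Advantive","product":"VeraCore","dueDate":"2025-03-31"},
 {"cveID":"CVE-2024-57968","vendorProject":"Advantive","product":"VeraCore","dueDate":"2025-03-31"},
 {"cveID":"CVE-2024-13159","vendorProject":"Ivanti","product":"Endpoint Manager (EPM)","dueDate":"2025-03-31"},
 {"cveID":"CVE-2024-13160","vendorProject":"Ivanti","product":"Endpoint Manager (EPM)","dueDate":"2025-03-31"},
 {"cveID":"CVE-2024-13161","vendorProject":"Ivanti","product":"Endpoint Manager (EPM)","dueDate":"2025-03-31"}
]}""")

# Hypothetical asset inventory (constructed hosts; "remediated" is an assumed field).
INVENTORY = [
    {"host": "wms-01.example.internal", "vendor": "Advantive", "product": "VeraCore", "remediated": False},
    {"host": "epm-core.example.internal", "vendor": "Ivanti", "product": "Endpoint Manager (EPM)", "remediated": False},
    {"host": "epm-dr.example.internal", "vendor": "ivanti ", "product": "endpoint manager (epm)", "remediated": True},
    {"host": "mail-01.example.internal", "vendor": "Example", "product": "Mail Gateway", "remediated": False},
]

def _key(vendor, product):
    # Normalise case and whitespace so inventory spelling differences still match.
    return (vendor.strip().casefold(), product.strip().casefold())

def open_kev_findings(kev, inventory, today):
    """Return unremediated (host, CVE) pairs with days left until the KEV due date."""
    by_product = {}
    for vuln in kev["vulnerabilities"]:
        by_product.setdefault(_key(vuln["vendorProject"], vuln["product"]), []).append(vuln)
    findings = []
    for asset in inventory:
        if asset["remediated"]:
            continue
        for vuln in by_product.get(_key(asset["vendor"], asset["product"]), []):
            due = date.fromisoformat(vuln["dueDate"])
            findings.append({"host": asset["host"], "cve": vuln["cveID"],
                             "days_left": (due - today).days})
    # Most urgent first; negative days_left means the due date has passed.
    findings.sort(key=lambda f: (f["days_left"], f["host"], f["cve"]))
    return findings

if __name__ == "__main__":
    for f in open_kev_findings(KEV_EXCERPT, INVENTORY, date(2025, 3, 11)):
        status = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']} days left"
        print(f"{f['host']:28} {f['cve']:16} {status}")
```

In practice the excerpt would be replaced by the full catalog file, and product matching usually needs a mapping table because inventory names rarely match the catalog exactly.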
In conclusion, the exploitation of vulnerabilities is a growing concern for cybersecurity professionals and organizations alike. The addition of Advantive VeraCore and Ivanti EPM flaws to the KEV catalog highlights the need for proactive measures to be taken to address these vulnerabilities. By prioritizing their cybersecurity posture and staying informed about emerging threats, organizations can minimize the risk of data breaches and other forms of exploitation.
Published: Tue Mar 11 04:10:00 2025 by llama3.2 3B Q4_K_M