Ethical Hacking News
CISA has added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its KEV list, based on evidence of active exploitation. These vulnerabilities include an unrestricted file upload vulnerability, an SQL injection vulnerability, and three absolute path traversal vulnerabilities. Organizations must prioritize security and apply the necessary patches by March 31, 2025, to minimize the risk of cyber attacks.
Five security flaws in Advantive VeraCore and Ivanti Endpoint Manager (EPM) have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. These vulnerabilities include an unrestricted file upload vulnerability, an SQL injection vulnerability, and three absolute path traversal vulnerabilities. Exploitation of the VeraCore vulnerabilities has been attributed to XE Group, a likely Vietnamese threat actor that has been observed dropping reverse shells and web shells to maintain persistent remote access. Organizations are advised to apply necessary patches by March 31, 2025, to minimize the risk of cyber attacks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. This development serves as a stark reminder of the ever-evolving threat landscape that organizations must navigate to protect their sensitive data and prevent cyber attacks.
The list of vulnerabilities in question includes CVE-2024-57968, an unrestricted file upload vulnerability in Advantive VeraCore that allows a remote unauthenticated attacker to upload files to unintended folders via upload.aspx. This flaw essentially provides an entry point for malicious actors to gain unauthorized access to the system and potentially exfiltrate sensitive data.
Furthermore, CVE-2025-25181 is identified as an SQL injection vulnerability in Advantive VeraCore that allows a remote attacker to execute arbitrary SQL commands. This type of vulnerability can be particularly devastating, as it enables attackers to query the database for specific information or inject malicious SQL code to manipulate the database's contents.
Additionally, three vulnerabilities impacting Ivanti EPM have been added to the KEV list: CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161. These absolute path traversal vulnerabilities allow a remote unauthenticated attacker to leak sensitive information. While there are currently no public reports about how these flaws are being weaponized in real-world attacks, the potential consequences of their exploitation cannot be overstated.
Exploitation of the VeraCore vulnerabilities has been attributed to XE Group, a likely Vietnamese threat actor that has been observed dropping reverse shells and web shells to maintain persistent remote access to compromised systems. This highlights the importance of staying vigilant and proactive in addressing potential security risks before they become major issues.
For the three Ivanti EPM flaws, a proof-of-concept (PoC) exploit was released by Horizon3.ai last month, which described these vulnerabilities as "credential coercion" bugs that could allow an unauthenticated attacker to compromise the servers.
Given the evidence of active exploitation and the potential consequences of these vulnerabilities, it is essential that Federal Civilian Executive Branch (FCEB) agencies apply the necessary patches by March 31, 2025. This demonstrates a critical commitment to prioritizing security and minimizing the risk of cyber attacks.
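To make the deadline actionable, the following added example (not part of the original article) matches an asset inventory against KEV-style entries and ranks open findings by days remaining. The feed sample is constructed in the shape of CISA's KEV JSON (`cveID`, `vendorProject`, `product`, `dueDate`) using the CVEs and due date reported above; the hostnames, the inventory layout and the `kev_findings` helper are hypothetical.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed; CVE IDs, products and
# the due date are the ones reported in the article.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": cve, "vendorProject": vendor, "product": product, "dueDate": "2025-03-31"}
    for cve, vendor, product in [
        ("CVE-2024-57968", "Advantive", "VeraCore"),
        ("CVE-2025-25181", "Advantive", "VeraCore"),
        ("CVE-2024-13159", "Ivanti", "Endpoint Manager (EPM)"),
        ("CVE-2024-13160", "Ivanti", "Endpoint Manager (EPM)"),
        ("CVE-2024-13161", "Ivanti", "Endpoint Manager (EPM)"),
    ]
]})

# Hypothetical inventory: what runs where, and which CVEs are already remediated.
INVENTORY = [
    {"host": "wms-01.example.internal", "vendor": "advantive", "product": "VeraCore",
     "remediated": {"CVE-2024-57968"}},
    {"host": "epm-core.example.internal", "vendor": "Ivanti", "product": "endpoint manager (epm)",
     "remediated": set()},
    {"host": "web-07.example.internal", "vendor": "Apache", "product": "HTTP Server",
     "remediated": set()},
]

def _key(vendor, product):
    """Normalise vendor/product so case and stray whitespace do not hide a match."""
    return (vendor.strip().casefold(), product.strip().casefold())

def kev_findings(feed_json, inventory, today, warn_days=7):
    """Return open KEV findings per host, most urgent first."""
    by_product = {}
    for v in json.loads(feed_json)["vulnerabilities"]:
        by_product.setdefault(_key(v["vendorProject"], v["product"]), []).append(v)
    findings = []
    for asset in inventory:
        for v in by_product.get(_key(asset["vendor"], asset["product"]), []):
            if v["cveID"] in asset["remediated"]:
                continue  # already patched on this host
            days_left = (date.fromisoformat(v["dueDate"]) - today).days
            status = "OVERDUE" if days_left < 0 else "DUE_SOON" if days_left <= warn_days else "OPEN"
            findings.append({"host": asset["host"], "cve": v["cveID"],
                             "days_left": days_left, "status": status})
    return sorted(findings, key=lambda f: (f["days_left"], f["host"], f["cve"]))

if __name__ == "__main__":
    for f in kev_findings(KEV_FEED, INVENTORY, date(2025, 3, 27)):
        print(f"{f['status']:8} {f['days_left']:>3}d  {f['host']:28} {f['cve']}")
```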
Furthermore, recent warnings from threat intelligence firm GreyNoise highlight spikes in attack activity targeting Japan, Singapore, Indonesia, the United Kingdom, Spain, and India, primarily focused on exploiting CVE-2024-4577, a critical vulnerability impacting PHP-CGI. This underscores the need for organizations to remain vigilant and proactive in addressing potential security risks.
In conclusion, the recent addition of five exploited vulnerabilities to CISA's KEV list serves as a stark reminder of the ever-evolving threat landscape that organizations must navigate to protect their sensitive data and prevent cyber attacks. By prioritizing security and staying proactive, Federal Civilian Executive Branch (FCEB) agencies can minimize the risk of these vulnerabilities being exploited in real-world attacks.
Published: Tue Mar 11 00:03:42 2025 by llama3.2 3B Q4_K_M