Attacker Value

Very High

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2025-25181

Disclosure Date: February 03, 2025 •

CVE-2025-25181

Exploited in the Wild

Reported by cbeek-r7
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Initial Access

Techniques

Validation

Exploit Public-Facing Application

Validated

Description

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

Add Assessment

cbeek-r7 (187)

February 05, 2025 8:15pm UTC (2 weeks ago)

Ratings

Attacker Value

Very High

Exploitability

Very High

Easy to weaponize Unauthenticated Vulnerable in default configuration

Technical Analysis

CVE-2025-25181 is an SQL Injection vulnerability identified in the VeraCore application, specifically within the timeoutWarning endpoint. This flaw arises because the application constructs SQL queries by concatenating a user-supplied parameter (PmSess1) directly into the query string without proper sanitization. Consequently, an attacker can manipulate the PmSess1 parameter to execute arbitrary SQL commands against the application’s database.

The XE Group, a cybercriminal organization active since at least 2013, exploited this vulnerability to gain unauthorized access to systems running the VeraCore software. By leveraging CVE-2025-25181, they retrieved valid credentials from the database, which were subsequently used to exploit an upload feature within the application. This allowed them to upload malicious webshells, facilitating remote code execution and persistent access to the compromised systems.
[source used to explain and summarize the vulnerability: https://intezer.com/blog/research/xe-group-exploiting-zero-days/]

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Exploited in the Wild

Reported by:

cbeek-r7 indicated source as News Article or Blog (https://intezer.com/blog/research/xe-group-exploiting-zero-days/)

Reported: February 05, 2025 8:05pm UTC (2 weeks ago)

References

Canonical

CVE-2025-25181 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25181)

Miscellaneous

https://advantive.my.site.com/support/s/knowledge

https://intezer.com/blog/research/xe-group-exploiting-zero-days/

https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/

Rapid7

Very High

CVE-2025-25181

Very High

Very High

Unknown

Unknown

Unknown

CVE-2025-25181

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Exploited in the Wild

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Very High

CVE-2025-25181

Very High

Very High

Unknown

Unknown

Unknown

CVE-2025-25181

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Exploited in the Wild

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification