CVE-2025-25181

Опубликовано: 03 фев. 2025

Источник: nvd

CVSS3: 5.8

CVSS3: 7.5

EPSS Высокий

Описание

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

Ссылки

https://advantive.my.site.com/support/s/knowledge
Product
Release Notes
https://intezer.com/blog/research/xe-group-exploiting-zero-days/
Exploit
Technical Description
Third Party Advisory
https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/
Exploit
Technical Description
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-25181
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:advantive:veracore:*:*:*:*:*:*:*:*

Версия до 2025.1.1.3 (исключая)

EPSS

Процентиль: 99%

0.79712

Высокий

5.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-6g37-4665-5v4w

CVSS3: 5.8

github

около 1 года назад

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

EPSS

Процентиль: 99%

0.79712

Высокий

5.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-89