CVE-2025-25181

high-risk

Published 2025-02-03

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

Do I need to act?

72.1% chance of exploitation in next 30 days

EPSS score — higher than 28% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.8/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Veracore

Affected Vendors

Advantive

References (4)

Product https://advantive.my.site.com/support/s/knowledge

Exploit https://intezer.com/blog/research/xe-group-exploiting-zero-days/

Exploit https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...

/ 100

high-risk

Severity 22/34 · High

Exploitability 26/34 · High

Exposure 5/34 · Minimal