Cyber Resilience

CVE-2024-57968

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 03 February 2025
Modified: 04 November 2025
KEV Added: 10 March 2025
Patch
CVSS Score v3.1: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.4106 (97.5th percentile)
Risk Priority: 64 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57968 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Advantive Veracore. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 2.5% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

Advantive VeraCore versions prior to 2024.4.2.1 contain an unrestricted file upload flaw tracked as CVE-2024-57968 and classified as CWE-434. The upload.aspx endpoint lets remote authenticated users place files into arbitrary directories instead of restricting them to intended locations, including folders that other users can subsequently reach via web requests. The issue carries a CVSS 3.1 score of 9.9, reflecting network attack vector, low complexity, low privileges required, and changed scope with high impact on confidentiality, integrity, and availability.

Authenticated attackers can therefore upload arbitrary content, including web shells or other malicious files, into locations that become accessible to additional users or processes. Successful exploitation can lead to full compromise of the affected VeraCore instance and any data it processes.

The vendor addressed the issue in VeraCore release 2024.4.2.1, as documented in the corresponding release notes. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Public reporting links the flaw to operations by the Xe Group, which has leveraged similar zero-day uploads for credit-card skimming and further access. The associated EPSS score has reached a peak of 0.4425 with a current value of 0.4106, indicating sustained exploitation interest after disclosure.

Vulnerability details

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

CWE(s)
KEV Date Added: 10 March 2025

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

T1608.001 Upload Malware (Resource Development)
Adversaries may upload malware to third-party or adversary controlled infrastructure to make it accessible during targeting.

Why these techniques?

The file upload vulnerability (CVE-2024-57968) in VeraCore's upload.aspx enables remote authenticated users to place arbitrary files, such as web shells, in web-accessible directories. This facilitates exploitation of a public-facing application (T1190), web shell deployment for persistence/execution (T1505.003), and malware staging via upload (T1608.001).

CVEs Like This One

CVE-2025-25181 · Same product: Advantive Veracore · both on KEV
CVE-2025-52691 · Shared CWE-434 · both on KEV
CVE-2025-2749 · Shared CWE-434 · both on KEV
CVE-2021-31207 · Shared CWE-434 · both on KEV
CVE-2025-26350 · Shared CWE-434
CVE-2025-46384 · Shared CWE-434
CVE-2025-13516 · Shared CWE-434
CVE-2024-13011 · Shared CWE-434
CVE-2025-8323 · Shared CWE-434
CVE-2025-21624 · Shared CWE-434

Affected Assets

advantive · veracore · ≤ 2024.4.2.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: AC-3 enforces approved authorizations for access to system resources like file directories, directly preventing authenticated users from uploading to unintended folders.

Prevent: SI-10 validates information inputs such as upload paths and filenames, blocking attempts to target unauthorized or browsable directories via upload.aspx.

Prevent: AC-6 applies least privilege to restrict low-privileged authenticated users from accessing or writing to sensitive browsable folders.
