Cyber Resilience

CVE-2025-25181

Medium · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 03 February 2025

Modified: 05 November 2025
KEV Added: 10 March 2025
Patch
CVSS Score v3.1: 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
EPSS Score: 0.7205 (98.8th percentile)
Risk Priority: 75 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-25181 is a medium-severity SQL Injection (CWE-89) vulnerability in Advantive VeraCore. Its CVSS base score is 5.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 1.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

A SQL injection vulnerability exists in the timeoutWarning.asp endpoint of Advantive VeraCore through version 2025.1.0. The flaw, tracked as CVE-2025-25181 and assigned CWE-89, permits remote attackers to supply arbitrary SQL commands through the PmSess1 parameter. It carries a CVSS 3.1 score of 5.8, reflecting a network attack vector, low complexity, and no required privileges or user interaction, with limited confidentiality impact across a changed scope.

Unauthenticated remote attackers can exploit the injection to execute arbitrary SQL commands against the underlying database. Successful exploitation allows extraction of limited data without affecting integrity or availability.

Vendor guidance is referenced in Advantive’s support knowledge base, while CISA lists the CVE in its Known Exploited Vulnerabilities catalog, indicating that patches or configuration mitigations should be obtained from those sources and applied promptly.

The vulnerability is confirmed to be under active exploitation in the wild. Its EPSS score rose materially after disclosure, reaching a peak of 0.8169 on 2025-12-11 before receding to the current value of 0.7205, indicating sustained attacker interest.

Vulnerability details

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

CWE(s): CWE-89
KEV Date Added: 10 March 2025

Related Threats

Threat-Actor Attribution (AI)

XE Group
Intezer and Solis Security reports attribute exploitation of this VeraCore zero-day SQLi to XE Group.

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases (Collection)
Adversaries may leverage databases to mine valuable information.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

SQL injection enables exploitation of public-facing web applications (T1190) for initial access and arbitrary SQL execution for database data collection (T1213.006), and it facilitates web shell deployment for remote execution (T1100) and persistence (T1505.003), as observed in adversary activity.

CVEs Like This One

CVE-2024-57968: Same product (Advantive VeraCore); both on KEV
CVE-2025-25257: Shared CWE-89; both on KEV
CVE-2026-21643: Shared CWE-89; both on KEV
CVE-2026-9082: Shared CWE-89; both on KEV
CVE-2023-34362: Shared CWE-89; both on KEV
CVE-2026-29096: Shared CWE-89
CVE-2025-57819: Shared CWE-89; both on KEV
CVE-2026-42208: Shared CWE-89; both on KEV
CVE-2025-24368: Shared CWE-89
CVE-2019-25537: Shared CWE-89

Affected Assets

Vendor: advantive
Product: veracore
Affected versions: ≤ 2025.1.1.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mitigates the CVE by requiring timely identification, reporting, and correction of the SQL injection flaw in timeoutWarning.asp.

Prevent: Prevents SQL injection exploitation by enforcing validation of malicious inputs like the PmSess1 parameter before processing.

Detect: Enables detection of the SQL injection vulnerability in VeraCore through regular scanning, facilitating proactive remediation.
