100/68 Thursday, March 13, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities affecting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) Catalog:
- CVE-2025-25181 – SQL Injection vulnerability in Advantive VeraCore
- CVE-2024-57968 – Unrestricted File Upload vulnerability in Advantive VeraCore
- CVE-2024-13159, CVE-2024-13160, CVE-2024-13161 – Absolute Path Traversal vulnerabilities in Ivanti Endpoint Manager (EPM)
CISA has identified that the Vietnam-based cybercrime group XE Group is actively exploiting VeraCore vulnerabilities to infiltrate target systems, deploying reverse shells and web shells for remote access. While no active exploitation of the Ivanti EPM vulnerabilities has been reported, Proof-of-Concept (PoC) exploit code has already been published, increasing the likelihood of future attacks.
To mitigate the risk, Federal Civilian Executive Branch (FCEB) agencies are required to patch and remediate these vulnerabilities by March 31, 2025, in compliance with Binding Operational Directive (BOD) 22-01—a mandate designed to reduce risks from known exploited vulnerabilities. CISA also urges private organizations to review the KEV Catalog and implement appropriate security measures to prevent exploitation of these vulnerabilities.
