CVE-2025-25181 · HIGH 7.5 · CISA KEV · EPSS p98.8%

CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability

Advantive / VeraCore

Description

Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter.

Scoring

CVSS 3.1: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 50.38% probability of exploitation · percentile 98.8% · 2026-06-18T12:00:27Z
Published: 2025-02-03
Last modified: 2025-11-05

CISA KEV entry

Added to KEV: 2025-03-10

Underlying weaknesses · 1

CWE-89

References

  1. https://advantive.my.site.com/support/s/knowledge
  2. https://intezer.com/blog/research/xe-group-exploiting-zero-days/
  3. https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-25181

1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') cwe-89 | 0% | live |

(incoming) · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Advantive VeraCore SQL Injection Vulnerability kev-cve-2025-25181 | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: Advantive VeraCore Unrestricted File Upload Vulnerability
  - CVE: CVE-2025-46268
  - CVE: CVE-2025-52664
  - CVE: CVE-2026-8111
  - CVE: Fortinet FortiWeb SQL Injection Vulnerability
  - CVE: Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.