Vulnerability Description
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advantive | VeraCore | < 2025.1.1.3 |
Related Weaknesses (CWE)
References
- https://advantive.my.site.com/support/s/knowledge (Product, Release Notes)
- https://intezer.com/blog/research/xe-group-exploiting-zero-days/ (Exploit, Technical Description, Third Party Advisory)
- https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming- (Exploit, Technical Description, Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025- (US Government Resource)
FAQ
What is CVE-2025-25181?
CVE-2025-25181 is a vulnerability with a CVSS score of 5.8 (MEDIUM). A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
How severe is CVE-2025-25181?
CVE-2025-25181 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-25181?
Check the references section above for vendor advisories and patch information. Affected products include: Advantive VeraCore.