🚨 CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List

Cybercriminals are exploiting new vulnerabilities in widely used enterprise software, posing severe risks to businesses and government agencies. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five critical security flaws in Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog. These flaws are already under active exploitation, making immediate action essential. 


The Vulnerabilities: A Backdoor for Attackers

According to CISA, the following vulnerabilities are being actively exploited:

  1. CVE-2024-57968 – 🛠️ Unrestricted file upload in Advantive VeraCore, allowing attackers to upload malicious files remotely via upload.aspx.
  2. CVE-2025-25181 – 💻 SQL Injection in Advantive VeraCore, enabling attackers to execute arbitrary SQL commands and manipulate databases.
  3. CVE-2024-13159 – 🔓 Path Traversal in Ivanti EPM, exposing sensitive system information.
  4. CVE-2024-13160 – 🔑 Another Ivanti EPM path traversal flaw, allowing unauthorized data access.
  5. CVE-2024-13161 – 🕵️‍♂️ A third path traversal issue in Ivanti EPM, making it possible to leak confidential files.

Who’s Behind These Attacks?

  • The XE Group, a Vietnamese threat actor, is suspected of exploiting VeraCore vulnerabilities using reverse shells and web shells.
  • Meanwhile, cybersecurity firm Horizon3.ai has released a proof-of-concept (PoC) exploit for the Ivanti EPM flaws, increasing the risk of widespread attacks.

How These Vulnerabilities Are Being Exploited

  • Attackers are leveraging VeraCore’s file upload flaw to insert malicious scripts, gaining a foothold in networks.
  • Ivanti EPM vulnerabilities allow attackers to steal critical system files, potentially revealing authentication credentials, encryption keys, and other sensitive configurations.

This means attackers can move laterally within the network, escalate privileges, and launch further attacks, often without detection. 🚫


Why This Matters: A Growing Threat Landscape

These vulnerabilities pose a major risk to industries relying on Advantive VeraCore and Ivanti EPM, including:

  • Logistics 🚛
  • E-commerce 🛒
  • IT Management 💾

📢 The rapid weaponization of PoC exploits raises the urgency. Many organizations fail to prioritize security updates for niche applications, leaving an open door for attackers.


🛡️ How to Protect Your Organization

Apply Security Patches Immediately ⏳

  • CISA requires FCEB agencies to apply patches by March 31, 2025.
  • All organizations should prioritize patching both Advantive and Ivanti systems.

Monitor Network Traffic for Unusual Activity 🔎

  • Look for unexpected file uploads, unauthorized SQL queries, or suspicious system access.
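
One way to hunt for unexpected file uploads in web server logs, shown as an added example that is not from CISA or either vendor: it flags the first-ever request for a server-side script path shortly after a POST to upload.aspx. The IIS W3C log lines, the `/app/...` paths, and the 10-minute window are constructed assumptions; in practice the "seen" baseline would be built from older logs.

```python
from datetime import datetime

# Constructed IIS W3C log sample (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2025-03-01 09:00:01 198.51.100.7 GET /app/login.aspx 200
2025-03-01 09:00:05 198.51.100.7 GET /app/orders.aspx 200
2025-03-01 09:14:30 203.0.113.9 POST /app/upload.aspx 200
2025-03-01 09:14:52 203.0.113.9 GET /app/files/report7.aspx 200
2025-03-01 09:15:10 198.51.100.7 GET /app/orders.aspx 200
2025-03-01 09:20:00 198.51.100.7 POST /app/upload.aspx 200
2025-03-01 09:20:09 198.51.100.7 GET /app/files/invoice.pdf 200
"""

SCRIPT_EXT = (".aspx", ".asp", ".ashx", ".asmx")  # server-executed file types

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.fromisoformat(f"{row['date']} {row['time']}")
            yield row

def find_upload_then_new_script(text, window_s=600):
    """Flag first-ever requests for a script path soon after an upload.aspx POST."""
    seen, uploads, alerts = set(), [], []
    for r in parse_w3c(text):
        path = r["cs-uri-stem"].lower()
        if r["cs-method"] == "POST" and path.endswith("/upload.aspx"):
            uploads.append(r)
        elif path.endswith(SCRIPT_EXT) and path not in seen and r["sc-status"] == "200":
            for u in uploads:
                # Only uploads that precede this request, within the window.
                if 0 <= (r["ts"] - u["ts"]).total_seconds() <= window_s:
                    alerts.append({"uploader": u["c-ip"], "upload_time": u["ts"],
                                   "new_script": r["cs-uri-stem"],
                                   "requested_by": r["c-ip"]})
                    break
        seen.add(path)
    return alerts

if __name__ == "__main__":
    for alert in find_upload_then_new_script(SAMPLE_LOG):
        print(alert)
```

A hit is a lead for review, not proof of compromise: legitimate new pages also appear after deployments, so compare alerts against change records.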

Strengthen Access Controls 🔐

  • Limit web application and database exposure to the internet.
  • Implement multi-factor authentication (MFA).

Conduct Regular Security Audits 🛠️

  • Regularly assess third-party software vulnerabilities.

Stay Informed on Emerging Threats 📰

  • Follow CISA alerts and threat intelligence sources.

Final Thoughts

🚀 These vulnerabilities reinforce one crucial fact: attackers will exploit ANY weakness—whether in mainstream software or overlooked enterprise tools.

  • Stay proactive.
  • Apply patches immediately.
  • Monitor and reinforce security controls.

💡 Cybersecurity is a never-ending battle. Stay patched, stay protected, and stay vigilant! 🔒