CVE-2025-25181
CVE-2025-25181
In short
A flaw in VeraCore's timeoutWarning.asp page lets attackers insert malicious SQL commands through the PmSess1 parameter, potentially accessing or modifying sensitive database information.
Technical detail
SQL injection vulnerability in timeoutWarning.asp parameter PmSess1 allows unauthenticated remote attackers to execute arbitrary SQL queries against the backend database. The vulnerability stems from insufficient input validation on user-supplied parameters, enabling data exfiltration, modification, or deletion depending on database permissions.
Summary generated and translated by AI from the official description.
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products
Advantive · VeraCoreWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://advantive.my.site.com/support/s/knowledgehttps://intezer.com/blog/research/xe-group-exploiting-zero-days/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-25181https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/