
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The list of vulnerabilities is as follows:
- CVE-2024-57968 – An unrestricted file upload vulnerability in Advantive VeraCore that allows a remote unauthenticated attacker to upload files to unintended folders via upload.aspx
- CVE-2025-25181 – An SQL injection vulnerability in Advantive VeraCore that allows a remote attacker to execute arbitrary SQL commands
- CVE-2024-13159 – An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
- CVE-2024-13160 – An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
- CVE-2024-13161 – An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
The exploitation of VeraCore vulnerabilities has been attributed to a likely Vietnamese threat actor named XE Group, which has been observed dropping reverse shells and web shells to maintain persistent remote access to compromised systems.

However, there are currently no public reports about how the three Ivanti EPM flaws are being weaponized in real-world attacks. A proof-of-concept (PoC) exploit was released by Horizon3.ai last month. The cybersecurity company described them as “credential coercion” bugs that could allow an unauthenticated attacker to compromise the servers.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary patches by March 31, 2025.
The development comes as threat intelligence firm GreyNoise warned of mass exploitation of CVE-2024-4577, a critical vulnerability impacting PHP-CGI, with spikes in attack activity targeting Japan, Singapore, Indonesia, the UK, Spain, and India.
“More than 43% of IPs targeting CVE-2024-4577 in the past 30 days are from Germany and China,” GreyNoise said, adding it “detected a coordinated spike in exploitation attempts against networks in multiple countries, suggesting additional automated scanning for vulnerable targets” in February.