
CISA reports active exploitation of Advantive VeraCore flaws

Take action: If you are running Advantive VeraCore, check whether you can isolate the system from the internet, make it accessible only from trusted networks, and apply mitigation options. Then apply patches quickly. If you cannot isolate it from the internet, because of external partners or other reasons, apply patches IMMEDIATELY. You are already under attack.



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reporting active exploitation of two security flaws affecting Advantive VeraCore.

Advantive VeraCore is a software solution designed for third-party logistics (3PL) and fulfillment companies, providing tools for order and warehouse management, inventory control, and eCommerce integration.

Vulnerability summary

  • CVE-2024-57968 (CVSS score 9.9): An unrestricted file upload vulnerability in Advantive VeraCore that allows a remote unauthenticated attacker to upload files to unintended folders via upload.aspx. This vulnerability enables attackers to place files in locations accessible during web browsing by other users.
  • CVE-2025-25181 (CVSS score 5.8): An SQL injection vulnerability in Advantive VeraCore that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter. This is classified as a medium-severity flaw.

The exploitation of these VeraCore vulnerabilities has been attributed to a threat actor known as XE Group. This group has been observed:

  • Injecting reverse shells in compromised systems
  • Deploying web shells to maintain persistent remote access
  • Targeting VeraCore installations across various organizations

Security researchers recommend that organizations using Advantive VeraCore products apply available patches immediately and implement isolation and security controls to detect and prevent exploitation attempts.
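
One way to triage web server logs for the two entry points named in the vulnerability summary, added here as an example and not taken from CISA, Advantive or the researchers: it flags POST requests to upload.aspx and PmSess1 values that are not plain tokens. It assumes IIS W3C-format logs; the log lines, the /app/ paths and the rule that a legitimate PmSess1 value is alphanumeric are constructed assumptions to adjust for your installation.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C log sample (not real traffic); paths and addresses are made up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2025-03-01 10:00:01 192.0.2.10 GET /app/home.aspx - 200
2025-03-01 10:00:05 198.51.100.7 POST /app/upload.aspx - 200
2025-03-01 10:00:09 192.0.2.10 GET /app/page.aspx PmSess1=A1B2C3D4 200
2025-03-01 10:00:12 198.51.100.7 GET /app/page.aspx PmSess1=x%27%3B-- 200
2025-03-01 10:00:15 203.0.113.5 GET /app/Upload.aspx - 404
"""

# Assumption: a legitimate PmSess1 value is a plain token; anything else gets reviewed.
PLAIN_TOKEN = re.compile(r"[A-Za-z0-9_\-]*")


def triage(log_text):
    """Return (line_no, client_ip, reason) for requests worth a manual review."""
    fields, hits = [], []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is taken from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, parts))
        ip = row.get("c-ip", "?")
        stem = row.get("cs-uri-stem", "").lower()
        # Upload endpoint named in CVE-2024-57968; any POST to it is a review candidate.
        if row.get("cs-method") == "POST" and stem.endswith("/upload.aspx"):
            hits.append((line_no, ip, "POST to upload.aspx (CVE-2024-57968)"))
        # Parameter named in CVE-2025-25181; check the URL-decoded value.
        for name, value in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            if name.lower() == "pmsess1" and not PLAIN_TOKEN.fullmatch(value):
                hits.append((line_no, ip, "non-token PmSess1 value (CVE-2025-25181)"))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for review, not proof of compromise; correlate flagged client addresses with new or modified files under the web root.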
