CISA has likely added two VeraCore vulnerabilities, CVE-2024-57968 and CVE-2025-25181, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation by the XE Group. The Cybersecurity and Infrastructure Security Agency (CISA) maintains the KEV catalog to track vulnerabilities actively exploited in the wild, aiding organizations in prioritizing remediation. CISA’s inclusion of these vulnerabilities in the KEV catalog, likely updated around early March 2025, signals an urgent need for action.

The vulnerabilities affect VeraCore, warehouse management software by Advantive that is critical for supply chains in manufacturing and distribution. VeraCore is widely used for warehouse management and order fulfillment, which makes its vulnerabilities a significant concern for supply chain security.

Active since 2010, XE Group targets supply chains, leveraging these zero-day flaws for data theft and operational disruption. XE Group has exploited the flaws to deploy web shells, maintaining access for over four years in some cases. Using stolen credentials, the attackers exploit the file upload flaw to upload an ASPX web shell (e.g., ASPXSpy) to a writable directory. The web shell provides a backdoor that lets the attackers return over a period of years, as seen in cases dating back to 2020. Their ability to persist undetected for over four years underscores the attack’s sophistication and poses risks to logistics and critical infrastructure.

Organizations using VeraCore must address these flaws to mitigate ongoing threats from XE Group’s persistent attacks.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 10 Mar 2025 20:45:07 +0000