The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security flaws affecting VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The list of vulnerabilities is as follows –
- CVE-2024-57968 – An unrestricted file upload vulnerability in Advantive VeraCore that allows a remote unauthenticated attacker to upload files to unintended folders via Upload.apsx
- CVE-2025-25181 – An SQL injection vulnerability in Advantive VeraCore that allows a remote attacker to execute arbitrary SQL commands
- CVE-2024-13159 – An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
- CVE-2024-13160 – An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
- CVE-2024-13161 – An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
Exploitation of the VeraCore vulnerabilities has been attributed to a likely Vietnamese threat actor dubbed XE Group, which has been observed dropping reverse shells and web shells to maintain persistent remote access to compromised systems.
On the other hand, there are currently no public reports about how the three Ivanti EPM flaws are being weaponized in real-world attacks. A proof-of-concept (PoC) exploit was released by Horizon3.ai last month. The cybersecurity company described them as “credential coercion” bugs that could allow an unauthenticated attacker to compromise the server.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary patches by March 31, 2025.
The development comes as threat intelligence firm GreyNoise warned of mass exploitation of CVE-2024-4577, a critical vulnerability affecting PHP-CGI, with spikes in attack activity targeting Japan, Singapore, Indonesia, the United Kingdom, Spain, and India.
“More than 43% of IPs targeting CVE-2024-4577 over the past 30 days,” it noted, adding it “revealed a coordinated spike in exploitation attempts against networks in several countries, indicating additional automated scanning for vulnerable targets” in February.