Supply chain attacks capitalized on unpatched vulnerabilities in VeraCore software
In a recent development, researchers have uncovered two active exploits of zero-day vulnerabilities in VeraCore warehouse management software, targeting supply chains in the manufacturing and distribution industries. One of these vulnerabilities, CVE-2025-25181, has raised concerns due to its potential impact.
To determine if the CVE-2025-25181 zero-day vulnerability in Advantive VeraCore has been patched, here are some steps you can follow:
1. Check Official Vendor Updates: Visit Advantive's official website or contact their support team to see if they have released any patches or updates addressing CVE-2025-25181. They should provide information on whether the vulnerability has been fixed and how to apply the patch.
2. Monitor CISA Updates: The Cybersecurity and Infrastructure Security Agency (CISA) maintains a Known Exploited Vulnerabilities Catalog. Check this catalog for updates on CVE-2025-25181. If CISA has updated the status, it may indicate that a patch is available or recommended mitigation strategies have been provided.
3. Consult Security Advisories: Look for security advisories from reputable sources like ENTRYZERO or SOC Prime. These platforms often provide updates and proof-of-concept (PoC) details for vulnerabilities, which can help you understand if a patch is available or if alternative mitigation strategies are suggested.
4. Engage with the Community: Participate in cybersecurity forums or discussions where security professionals share information about vulnerabilities and patches. This can be a valuable resource for staying updated on the status of CVE-2025-25181.
5. Perform a Vulnerability Scan: Use vulnerability scanning tools to check your system for the presence of CVE-2025-25181. If the scan indicates that the vulnerability is still present, it suggests that the patch has not been applied or is not available yet.
It's important to note that the temporary fix for another vulnerability, CVE-2024-57968, a critical upload validation flaw in VeraCore, has been released by Advantive. However, it's unclear if CVE-2025-25181, a medium-severity SQL injection flaw, has been patched.
The discovery of these vulnerabilities comes as XE Group, known for its prolific credit card-skimming operation, has increased its capabilities. The group compromised a Microsoft Internet Information Services (IIS) server hosting VeraCore's warehouse management system software, demonstrating adaptability and growing sophistication.
The reactivation of a webshell years after initial deployment suggests that XE Group is committed to long-term objectives in maintaining persistent access to systems. The group deployed customized webshells, described as "highly versatile" tools for maintaining persistent access to victim environments and SQL queries.
The flaws were discovered after an XE Group attack was identified on Nov. 5. Advantive, the software vendor, has stated that there are no known active threats to VeraCore software at this time. The company continues to evaluate and enhance security measures to prevent unauthorized access and maintain the highest cybersecurity standards.
The IIS server was first breached in January 2020 through the then-unknown SQL injection zero-day flaw. XE Group compromised manufacturing and distribution sector supply chains using the VeraCore vulnerabilities. The zero-day flaws were used in cyberattacks by the XE Group, a cybercriminal gang first observed in 2013.
Staying informed about the patch status for these vulnerabilities is crucial for protecting your systems. By following the steps outlined above, you can stay updated and take appropriate measures to secure your VeraCore software.
- In light of the discovered zero-day vulnerabilities in VeraCore, staying updated on the patch status for CVE-2025-25181, a medium-severity SQL injection flaw, is of utmost importance for maintaining cybersecurity.
- The discovery of these vulnerabilities, along with the increased capabilities of the XE Group, highlights the critical role technology plays in general-news and crime-and-justice, as cybercriminal groups continue to exploit software weaknesses for malicious purposes.
- As cybersecurity professionals, it's essential to monitor sources like ENTRYZERO or SOC Prime for security advisories, news about patch releases, and potential proof-of-concept details for zero-day vulnerabilities like CVE-2025-25181, to ensure effective protection against cyber threats.
