In a sobering development for cybersecurity teams, the Cybersecurity and Infrastructure Security Agency (CISA) has added five critical vulnerabilities to its Known Exploited Vulnerabilities catalog. The advisory, issued March 10, 2025, targets flaws in Advantive VeraCore and Ivanti EPM products. And guess what? They’re already being exploited in the wild. Great.
The Advantive VeraCore vulnerabilities include an unrestricted file upload flaw (CVE-2024-57968) and SQL injection vulnerability (CVE-2025-25181). Both are rated critical. The file upload issue has been patched in version 2024.4.2.1, but the SQL injection vulnerability remains unpatched. Let that sink in—a known exploited vulnerability with no patch available. Typical.
The three Ivanti EPM vulnerabilities, discovered by Horizon3.ai researchers, allow unauthenticated attackers to coerce machine account credentials. These flaws can lead to server compromise through relay attacks. Nothing like giving attackers the keys to your kingdom.
XE Group has been actively exploiting the VeraCore vulnerabilities, often chaining them together in sophisticated multi-step attacks. They’re deploying web shells for persistent access, with some compromises dating back to 2020. Talk about playing the long game.
The impact? Devastating. Think unauthorized access to core servers, data theft, operational disruption, exposure of sensitive information, and lateral movement throughout networks. Supply chains and logistics operations are particularly at risk. With global data breach costs approaching NIST Cybersecurity Framework could help organizations develop more robust defenses against these types of attacks.
Organizations must update Advantive VeraCore to version 2024.4.2.1 or later and apply Ivanti EPM patches released in January 2025. The Ivanti vulnerability (CVE-2024-29847) involves a dangerous deserialization of untrusted data that could lead to remote code execution with the highest possible CVSS score of 10. CISA has set specific remediation deadlines for federal agencies, but everyone should act immediately. No excuses.
These vulnerabilities highlight the increasing risks in supply chain software. CISA’s KEV catalog helps prioritize vulnerability management, but it’s ultimately up to organizations to patch quickly. One particularly concerning vulnerability is the Ivanti EPM flaw CVE-2024-29824 with its CVSS score 9.6, representing a critical SQL injection issue that requires immediate attention. The sophisticated tactics of these threat actors show they’re not messing around. Neither should you.
