The US Cybersecurity and Infrastructure Security Agency (CISA) added five security flaws on Monday, affecting the known Exploited Vulnerabilities (KEV) catalogue based on evidence of active exploitation in the wild.
Here’s the list of vulnerabilities –
CVE-2024-57968 – Unlimited file upload vulnerability that allows non-remote attackers to upload files to unintended folders via Upload.apsx CVE-2025-25181 – SQL Injection Vulnerability in Apsive Veracore The absolute route traversal vulnerability in IVANTI EPM can leak CVE-2024-13160 that allows remote authenticators to leak sensitive information. Unrecognized attackers to leak sensitive information
The exploitation of Veracore’s vulnerability is attributed to the likely Vietnamese threat actor named XE Group. This has been observed to drop reverse shells and web shells to maintain permanent remote access to compromised systems.
Meanwhile, there are currently no public reports on how the three Ivanti EPM flaws are weaponized in actual attacks. The Proof of Concept (POC) exploit was released last month by Horizon3.AI. Cybersecurity companies describe them as “enforcement certification” bugs, allowing less-known attackers to compromise their servers.
In light of active exploitation, it is essential that federal civil enforcement sector (FCEB) agencies apply the necessary patches by March 31, 2025.
The development comes as threat intelligence company Greynorth warned of the mass exploitation of CVE-2024-4577, a critical vulnerability affecting PHP-CGI.
“Over 43% of IP targeting CVE-2024-4577 in the last 30 days are from Germany and China,” Greynoise said, adding that “we detected coordinated spikes in attempts to exploit networks against multiple countries, suggesting additional automated scans for vulnerable targets in February.”
Source link
