Cybercriminals Exploit Zero-Day Flaws in VeraCore Supply Chain Software

In a worrying development for the cybersecurity world, two zero-day vulnerabilities were recently uncovered in VeraCore, a warehouse management software platform. Cybercriminals known as the XE Group exploited these flaws to carry out supply chain attacks. The company behind VeraCore, Advantive, is currently grappling with the repercussions of these breaches, especially given the persistence and sophistication shown by the XE Group. The vulnerabilities, classified as CVE-2024-57968 and CVE-2025-25181, pose significant risks to the affected systems and organizations.

Discovery of Critical Zero-Day Vulnerabilities

CVE-2024-57968: Severe Upload Validation Flaw

Researchers from Intezer and Solis Security disclosed CVE-2024-57968, a severe upload validation flaw with a CVSS score of 9.9. Left unmitigated, the flaw allows unauthorized individuals to upload potentially harmful files. The researchers demonstrated how easily the XE Group could use this gap to gain unauthorized access. The group exploited the vulnerability against servers hosting VeraCore on Microsoft Internet Information Services (IIS).

This high-severity flaw permits attackers to upload arbitrary files to specific directories without any form of validation. Consequently, these files can contain malicious scripts that compromise the core operations of the server. The ease with which the flaw can be used underlines the need for software providers to conduct thorough vulnerability assessments regularly. The XE Group's successful exploitation of CVE-2024-57968 is a stark reminder of how zero-day vulnerabilities can be used for prolonged attacks.

CVE-2025-25181: Medium-Severity SQL Injection Flaw

The second flaw, designated CVE-2025-25181, is a medium-severity SQL injection vulnerability with a CVSS score of 5.8. It facilitates unauthorized access to database information, which can lead to a critical data breach if left unchecked. The XE Group allegedly took advantage of this vulnerability as early as January 2020. Using SQL injection attacks, they managed to infiltrate the IIS server's database system and deploy customized webshells for continuous access.

These webshells enabled the cybercriminals to establish backdoors, maintaining their presence in the affected systems for extended periods. Researchers noted that the XE Group’s strategic use of webshells, combined with their knowledge of SQL vulnerabilities, underscores their sophisticated approach. It is particularly alarming that the group managed to maintain access to an organization for more than four years, setting a dangerous precedent for future cybersecurity threats.
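The upload flaw and the webshell persistence described above leave the same trace on an IIS server: a script-type file being served successfully out of a directory that should only hold uploaded data. The following Python script is an added example (not from the article, the researchers or Advantive) that hunts for that trace in IIS W3C logs; the upload directory prefixes and the log lines are constructed placeholders, not VeraCore paths.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: directories the application stores uploads in (placeholders, not VeraCore paths).
UPLOAD_PREFIXES = ("/uploads/", "/files/")
SCRIPT_EXTS = {".asp", ".aspx", ".ashx", ".asmx", ".asa", ".cer"}  # commonly mapped to ASP / ASP.NET

def parse_w3c(lines):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and len(line.split(" ")) == len(fields):
            yield dict(zip(fields, line.split(" ")))

def is_script(stem):
    # Check every segment: IIS accepts trailing path info after the script name.
    return any(PurePosixPath(seg).suffix in SCRIPT_EXTS for seg in stem.split("/") if seg)

def find_script_hits(lines):
    """Return {uri: details} for scripts successfully served from upload directories."""
    hits = defaultdict(lambda: {"first_seen": None, "clients": set(), "hits": 0})
    for rec in parse_w3c(lines):
        stem = rec.get("cs-uri-stem", "").lower()
        if not (stem.startswith(UPLOAD_PREFIXES) and is_script(stem)):
            continue
        if not rec.get("sc-status", "").startswith("2"):
            continue  # 403/404: the file was blocked or absent, nothing executed
        entry = hits[stem]
        entry["first_seen"] = entry["first_seen"] or f'{rec.get("date")} {rec.get("time")}'
        entry["clients"].add(rec.get("c-ip", "-"))
        entry["hits"] += 1
    return dict(hits)

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-01-10 08:02:40 POST /upload.aspx - 203.0.113.9 200
2025-01-10 08:02:55 GET /uploads/report.pdf - 198.51.100.7 200
2025-01-10 08:03:05 GET /uploads/thumb.ASPX - 203.0.113.9 200
2025-01-10 08:04:30 POST /uploads/thumb.aspx - 203.0.113.9 200
2025-01-10 08:05:00 GET /uploads/probe.aspx - 192.0.2.44 404
""".splitlines()

if __name__ == "__main__":
    for uri, info in find_script_hits(SAMPLE_LOG).items():
        print(uri, info["first_seen"], info["hits"], sorted(info["clients"]))
```

Any hit is a lead for reviewing the file on disk and the requests that preceded its first appearance; the first-seen timestamp matters because, as the article notes, access of this kind can persist for years.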

Response and Impact on VeraCore

Advantive’s Temporary Fix and Security Measures

In response to these discoveries, Advantive swiftly released a temporary fix that neutralizes CVE-2024-57968 by removing the vulnerable upload feature. This move is part of a broader effort to secure existing systems immediately. However, it remains unclear whether any patch or solution addresses CVE-2025-25181. The company has also assured its users that, as of now, there are no known active threats targeting VeraCore software, although security evaluations are ongoing.

The hasty release of temporary fixes, while necessary, underscores a deeper issue within software development: the struggle to balance rapid response with comprehensive solutions. Continuous updates, vigilance, and proactive security measures must become intrinsic components of the development and deployment stages so that such flaws do not linger for future exploitation.

The Rising Threat in Supply Chain Cybersecurity

The XE Group, a cybercriminal organization, exploited these flaws to execute supply chain attacks, highlighting the increasing sophistication and persistence of cyber threats today. Advantive, the company responsible for VeraCore, is facing significant challenges due to these breaches. The specific vulnerabilities, tagged as CVE-2024-57968 and CVE-2025-25181, represent serious threats to the systems and organizations reliant on VeraCore’s software. These vulnerabilities could potentially allow unauthorized access and manipulation of critical data, putting both the integrity of supply chains and sensitive information at risk. The discovery of these flaws not only underscores the importance of robust cybersecurity measures but also signals a pressing need for continued vigilance and prompt action to mitigate risks in the ever-evolving landscape of cyber warfare.
