Ongoing intrusions leveraging five Advantive VeraCore and Ivanti Endpoint Manager security issues have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies ordered to remediate the bugs by the end of the month, The Hacker News reports.
Suspected Vietnamese threat operation XE Group was discovered to have been exploiting the pair of VeraCore unrestricted file upload and SQL injection vulnerabilities, tracked as CVE-2024-57968 and CVE-2025-25181, respectively, to facilitate reverse shell and web shell deployment for persistence in targeted systems.
Despite a proof-of-concept exploit from Horizon3.ai, details regarding the active exploitation of the Ivanti EPM absolute path traversal flaws, tracked as CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161, remain unclear.
The development follows a GreyNoise report detailing the global exploitation of the critical PHP-CGI vulnerability, tracked as CVE-2024-4577, with over 43% of the attacks over the past month originating from Germany- and China-based IP addresses.