Advantive

Advantive's VeraCore warehouse management software has suffered a security breach due to the exploitation of two critical vulnerabilities by the XE Group, a threat actor active since 2010. CVE-2024-57968, a severe file upload vulnerability, has been patched, but CVE-2025-25181, a SQL injection flaw, remains unpatched as of March 2025. The exploitation of these vulnerabilities allowed the attackers to deploy web shells, gain persistent access, and potentially compromise supply chain security by stealing sensitive data and causing operational disruptions. The longevity of the breach, with attackers maintaining access for over four years in some instances, highlights the significant threat this incident poses to the logistics sector and critical infrastructure.

Source: https://cybersecuritynews.com/cisa-adds-2-veracore-vulnerabilities-to-known-actively-exploit-vulnerability-catalog/

"id": "adv959031125",
"linkid": "advantive-software",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"