CVE-2025-25181

Name of the Vulnerable Software and Affected Versions Advantive VeraCore versions through 2025.1.0

Description A SQL injection vulnerability in timeoutWarning.asp allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. This issue is being actively exploited. The vulnerability enables remote SQL command execution, potentially allowing attackers to read, delete, or modify data.

Recommendations For Advantive VeraCore versions through 2025.1.0, consider disabling the PmSess1 parameter in the timeoutWarning.asp file as a temporary workaround until a patch is available. Restrict access to the timeoutWarning.asp file to minimize the risk of exploitation. Avoid using the PmSess1 parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.