CISA Adds Five New Vulnerabilities to Its Known Exploited Vulnerabilities Catalog 

Overview 

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding five vulnerabilities being exploited by cybercriminals.  
 
These new entries highlight critical flaws in widely used software systems, including those impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM).  
 
The identification of these vulnerabilities emphasizes cybersecurity risks to federal and private enterprise environments, as well as the urgent need for organizations to implement proper mitigation strategies. 

As part of its ongoing efforts to protect critical infrastructure, CISA has highlighted the following vulnerabilities based on evidence of active exploitation: 

1. CVE-2025-25181: Advantive VeraCore SQL Injection Vulnerability 
2. CVE-2024-57968: Advantive VeraCore Unrestricted File Upload Vulnerability 
3. CVE-2024-13159: Ivanti Endpoint Manager Absolute Path Traversal Vulnerability 
4. CVE-2024-13160: Ivanti Endpoint Manager Absolute Path Traversal Vulnerability 
5. CVE-2024-13161: Ivanti Endpoint Manager Absolute Path Traversal Vulnerability 

These vulnerabilities present cybersecurity threats and have been linked to a variety of attack vectors commonly exploited by cybercriminals.  

New Vulnerabilities Added to KEV Catalog 

CVE-2025-25181: Advantive VeraCore SQL Injection 

The SQL Injection vulnerability (CVE-2025-25181), affecting Advantive VeraCore through version 2025.1.0, allows attackers to execute arbitrary SQL commands remotely via the PmSess1 parameter in the timeoutWarning.asp file. Published on February 3, 2025, this vulnerability has a CVSS score of 5.8 (Medium), which indicates that although it is not the highest severity, it could still lead to unauthorized access to sensitive data and potentially cause damage to affected systems. 

Organizations using the affected versions of VeraCore are advised to implement mitigation strategies and update to newer versions as soon as possible to prevent exploitation. 

CVE-2024-57968: Advantive VeraCore Unrestricted File Upload 

Another critical vulnerability added to the KEV Catalog is CVE-2024-57968 in Advantive VeraCore. This flaw, which affects versions prior to 2024.4.2.1, allows remote authenticated users to upload files to unintended directories, potentially exposing them to other users during web browsing. Classified with a CVSS score of 9.9 (Critical), the unrestricted file upload vulnerability could be exploited by attackers to upload malicious files, escalating the risk of remote code execution or data breaches. Organizations are urged to update to the latest versions to address this vulnerability. 

Ivanti Endpoint Manager Path Traversal Vulnerabilities 

Several severe vulnerabilities were discovered in Ivanti Endpoint Manager (EPM), all related to absolute path traversal flaws. These vulnerabilities (CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161) have been identified in Ivanti’s EPM versions prior to the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update. These flaws enable unauthenticated, remote attackers to access sensitive information by manipulating file paths, potentially leaking sensitive data, or allowing attackers to gain unauthorized access to critical files. 

Each of these vulnerabilities carries a CVSS score of 9.8 (Critical), highlighting the severe risk posed to users who have not yet applied the necessary patches. CISA has emphasized that malicious actors frequently target these types of vulnerabilities, making immediate patching crucial for the protection of organizational systems. 

Path Traversal Vulnerabilities and Their Risks 

The path traversal vulnerabilities affecting Ivanti EPM systems are particularly concerning as they can expose sensitive system files. Path traversal vulnerabilities occur when an attacker manipulates file paths to access files outside the intended directory. This can lead to a breach of confidentiality and the potential for further attacks, such as data exfiltration or remote code execution. 

Given the critical nature of these vulnerabilities, organizations are strongly urged to follow CISA’s guidance and apply the recommended patches immediately. Failure to address these issues could result in security incidents, especially in environments where Ivanti EPM is used to manage enterprise-wide IT resources. 

Recommendation and Mitigation Strategies 

CISA has provided the following recommendations for mitigating the risks associated with these vulnerabilities: 

1. Patch systems immediately: To mitigate the risk of exploitation, ensure that all affected systems are updated to the latest versions. For Ivanti EPM, this includes applying the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update. For Advantive VeraCore, ensure systems are updated to version 2024.4.2.1 or higher. 

2. Monitor for suspicious activity: Organizations should actively monitor their networks for signs of exploitation related to these vulnerabilities. This includes looking for unusual login attempts, file uploads, or file access patterns. 

3. Implement strict access controls: Enforce strict access control policies to limit unauthorized access to sensitive systems. This includes ensuring that only authorized users can upload files or access critical paths within a system. 

4. Utilize security tools: Organizations should use intrusion detection and prevention systems to identify and block exploit attempts targeting known vulnerabilities, including those cataloged by CISA in the KEV Catalog. 

Conclusion  

CISA’s Known Exploited Vulnerabilities (KEV) Catalog is an essential resource for organizations to identify and respond to actively targeted vulnerabilities. By continuously updating the catalog, CISA helps organizations prioritize patching efforts and defensive strategies to protect against malicious exploitation. 

As new vulnerabilities, like CVE-2025-25181 and path traversal issues in Ivanti EPM, emerge, staying informed and taking proactive security measures is increasingly crucial. Failing to address these vulnerabilities leaves organizations vulnerable to security breaches, highlighting the urgent need for timely patching and better defenses. 

References: 

• https://www.cisa.gov/news-events/alerts/2025/03/10/cisa-adds-five-known-exploited-vulnerabilities-catalog 
• https://www.cve.org/CVERecord?id=CVE-2025-25181 
• https://www.cve.org/CVERecord?id=CVE-2024-57968 
• https://www.cve.org/CVERecord?id=CVE-2024-13159 
• https://www.cve.org/CVERecord?id=CVE-2024-13160 
• https://www.cve.org/CVERecord?id=CVE-2024-13161