CVE-2025-25181

CVSS 3.1 Score 5.8 of 10 (medium)

Details

Published Feb 3, 2025

Updated: Feb 18, 2025

CWE ID 89

Summary

CVE-2025-25181 is a SQL injection vulnerability affecting Advantive VeraCore versions up to 2025.1.0. The issue lies in timeoutWarning.asp where an attacker can insert malicious SQL commands through the PmSess1 parameter, bypassing input validations and gaining unauthorized access to sensitive data or even executing administrative functions. This vulnerability poses a serious threat to data security and integrity, emphasizing the importance of applying the necessary patches or upgrades to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3CKoSs
https://www.cve.org/CVERecord?id=CVE-2025-25181
https://nvd.nist.gov/vuln/detail/CVE-2025-25181

Back to Vulnerability Database

CVE-2025-25181

CVSS 3.1 Score 5.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations