Security News > 2025 > March > CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
2025-03-11 03:58
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore
News URL
https://thehackernews.com/2025/03/cisa-adds-five-actively-exploited.html
Related news
- CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 (source)
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List (source)
- CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise (source)
- CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List (source)
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) (source)
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- Ransomware criminals love CISA's KEV list – and that's a bug, not a feature (source)
- Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released (source)
- CISA tags Windows, Cisco vulnerabilities as actively exploited (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-03 | CVE-2024-57968 | Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). | 0.0 |