Security News > 2025 > March > CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
2025-03-11 03:58
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore
News URL
https://thehackernews.com/2025/03/cisa-adds-five-actively-exploited.html
Related news
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
- CISA reveals new malware variant used on compromised Ivanti Connect Secure devices (source)
- CISA spots spawn of Spawn malware targeting Ivanti flaw (source)
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database (source)
- CISA warns about actively exploited Broadcom, Commvault vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-03 | CVE-2024-57968 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantive Veracore Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). | 8.8 |