Recent reports from the US Cybersecurity and Infrastructure Security Agency (CISA) have highlighted the addition of three critical vulnerabilities in Ivanti software to their Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, specifically affecting Ivanti’s Endpoint Management, have been observed being exploited in the wild.
The vulnerabilities, identified as CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161, are all absolute path traversal vulnerabilities that allow remote unauthenticated attackers to access sensitive information. With a CVSS base score of 9.8 each, these vulnerabilities pose significant risks to organizations.
CISA, in a recent security advisory, emphasized the importance of timely remediation to reduce exposure to cyberattacks. While the KEV catalog primarily targets US federal agencies, CISA encourages all organizations to prioritize addressing these vulnerabilities to enhance their cybersecurity posture.
This is not the first instance in 2025 where Ivanti vulnerabilities have been exploited. Earlier this year, Microsoft and Google Cloud’s Mandiant identified the exploitation of CVE-2025-0282, a critical vulnerability affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. Additionally, CISA and the FBI issued warnings about threat actors actively exploiting chained vulnerabilities in Ivanti Cloud Service Appliances.
In the same security advisory, CISA also revealed that two vulnerabilities affecting VeraCode products are being actively exploited. The first vulnerability, CVE-2024-57968, is an unrestricted file upload flaw in Advantive VeraCore. Exploiting this vulnerability allows attackers to upload files to unintended folders accessible during web browsing by other users. With a CVSS base score of 9.9, this vulnerability is considered critical.
The second vulnerability, identified as CVE-2025-25181, is an SQL injection flaw in Advantive VeraCore. This vulnerability enables remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. While this flaw is categorized as medium severity, it still poses a significant risk to organizations.
In light of these recent developments, organizations are urged to remain vigilant and address these vulnerabilities promptly to mitigate the potential risks associated with exploitation. The collaboration between security agencies and software vendors is crucial in identifying and remedying vulnerabilities to bolster overall cybersecurity defenses in an increasingly digital landscape.