VeraCore Zero-Day Vulnerabilities Exploited in Supply Chain Attacks – A Growing Cybersecurity Threat

The cybersecurity landscape is constantly evolving, with hackers leveraging sophisticated techniques to infiltrate business networks. A recent supply chain attack has exposed two critical zero-day vulnerabilities in VeraCore’s warehouse management software, enabling cybercriminals to maintain access to compromised systems for over four years.

Cybersecurity researchers have linked this attack to the XE Group, a well-known cybercriminal gang. Their exploitation of CVE-2024-57968 and CVE-2025-25181 raises concerns about the security of supply chains in the manufacturing and distribution industries.

In this blog, we explore how these zero-day vulnerabilities were exploited, their impact on businesses, and steps organizations can take to enhance cybersecurity.

For a detailed breakdown of this cybersecurity threat, visit https://technijian.com/cyber-security/veracore-zero-day-vulnerabilities-exploited-in-supply-chain-attacks-a-growing-cybersecurity-threat/

Understanding Zero-Day Vulnerabilities

A zero-day vulnerability is a security flaw in software that is unknown to the vendor and has no official fix at the time of exploitation. Cybercriminals actively seek out these weaknesses to deploy malware, steal sensitive data, and maintain persistent access to compromised systems.

The VeraCore Vulnerabilities in Focus

Researchers identified two critical security flaws in VeraCore’s warehouse management system:

  1. CVE-2024-57968 (Critical Upload Validation Flaw)
  2. CVE-2025-25181 (SQL Injection Vulnerability)

How XE Group Exploited VeraCore Vulnerabilities

XE Group, a cybercriminal gang active since 2013, has previously engaged in credit card skimming and password-stealing malware attacks. However, their latest tactics indicate a strategic shift towards long-term network infiltration.

1. Initial Breach in 2020 via SQL Injection

  • XE Group first exploited CVE-2025-25181 in January 2020, using SQL injection to gain access to Microsoft IIS servers running VeraCore software.
  • The attackers manipulated database queries to install custom webshells for continuous remote access.

2. Deployment of Webshells for Long-Term Persistence

  • XE Group deployed highly customized webshells, which allowed them to re-enter compromised systems at will.
  • In one case, a webshell planted in 2020 was reactivated in 2024, demonstrating their long-term persistence strategy.

3. Targeting the Manufacturing and Distribution Supply Chain

  • Instead of targeting individual companies, XE Group exploited VeraCore to infiltrate multiple organizations across the supply chain.
  • These attacks pose a significant threat to logistics operations, inventory management, and sensitive customer data.

The Impact of These Cyber Attacks on Businesses

1. Disruptions to Supply Chain Operations

A breach in warehouse management software can delay shipments, manipulate inventory records, and disrupt entire supply chains.

2. Long-Term Access and Data Exfiltration

Since XE Group maintained access for over four years, businesses may have already suffered significant data leaks without realizing it.

3. Reputational and Financial Damage

Companies affected by the VeraCore vulnerability exploit face potential:

  • Regulatory fines for failing to secure customer data.
  • Operational downtime due to system compromises.
  • Loss of customer trust and reputational damage.

How Businesses Can Protect Themselves

To mitigate risks from zero-day vulnerabilities, organizations should adopt a multi-layered cybersecurity strategy.

1. Apply Security Patches and Updates

  • Advantive, the vendor behind VeraCore, released a temporary fix for CVE-2024-57968, removing the upload feature.
  • However, the status of CVE-2025-25181 remains unclear, requiring businesses to proactively monitor and update their security measures.

2. Implement Web Application Security Controls

  • Deploy Web Application Firewalls (WAFs) to block SQL injection and unauthorized file uploads.
  • Use intrusion detection systems (IDS) and security monitoring tools to detect suspicious activities.
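The two flaw classes named on this page, SQL injection (the initial-breach vector described under "Initial Breach in 2020 via SQL Injection") and the upload validation weakness behind CVE-2024-57968, both come down to trusting client-supplied strings. The following is an added example, not code from the original post or from VeraCore/Advantive: it shows a string-spliced query beside its parameterised form, and an allowlist-based filename check of the kind a WAF or the application itself would apply before accepting an upload. The `orders` schema, the allowed extensions and the sample values are all invented for the example.

```python
import re
import sqlite3

# Constructed in-memory table standing in for a warehouse-management database.
# The schema is invented for this example; VeraCore's real schema is not public here.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, status TEXT)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "acme", "shipped"), (2, "globex", "pending"), (3, "initech", "pending")],
    )
    return conn

def lookup_orders_vulnerable(conn, customer):
    # Defect on purpose: the caller's string is spliced into the SQL text, so a
    # value containing a quote changes the *structure* of the query instead of
    # just its data. This is the flaw class behind CVE-2025-25181; the actual
    # vulnerable code is not on the page.
    sql = f"SELECT id FROM orders WHERE customer = '{customer}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def lookup_orders_safe(conn, customer):
    # Fix: a parameterised query. The value travels separately from the SQL
    # text, so the database never parses it as SQL, whatever it contains.
    rows = conn.execute(
        "SELECT id FROM orders WHERE customer = ? ORDER BY id", (customer,)
    )
    return [row[0] for row in rows]

# Upload validation: an allowlist of the few types the application needs
# (assumed set) plus a strict filename shape. Anything else is rejected.
ALLOWED_UPLOAD_EXTENSIONS = {".csv", ".pdf", ".png"}
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")

def upload_is_allowed(filename):
    # Drop any directory part the client sent (".." and drive letters included).
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Exactly one dot, plain characters: blocks "report.pdf.aspx"-style names
    # and anything the server might map to a script handler.
    if not SAFE_NAME.fullmatch(name):
        return False
    ext = "." + name.rsplit(".", 1)[1].lower()
    return ext in ALLOWED_UPLOAD_EXTENSIONS

if __name__ == "__main__":
    db = make_db()
    probe = "acme' OR '1'='1"
    print("vulnerable:", lookup_orders_vulnerable(db, probe))  # every order leaks
    print("safe:      ", lookup_orders_safe(db, probe))        # nothing matches
    for f in ("report.pdf", "shell.aspx", "report.pdf.aspx", "..\\web.config"):
        print(f"{f!r:20} allowed={upload_is_allowed(f)}")
```

The filename check is a second line of defence, not the primary one: uploaded files should be stored outside the web root (or in a directory with script execution disabled) so that even a file that slips past the allowlist is never handed to a script handler. Advantive's interim fix of removing the upload feature altogether is the strongest form of that control.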

3. Conduct Regular Security Audits and Penetration Testing

  • Perform penetration testing to identify vulnerabilities before hackers do.
  • Regularly audit server logs and remove legacy webshells to prevent persistent threats.
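Auditing server logs for legacy webshells is more tractable than it sounds when the application's legitimate script endpoints are inventoried: any request that reaches a script handler outside that inventory, or from a directory that should only hold static uploads, is worth a look. The block below is an added example, not tooling from the original post or from VeraCore/Advantive. It parses IIS W3C extended log lines (the format the page's Microsoft IIS servers would write) and applies those two rules; the log excerpt, the `/Uploads/` prefix and the three-entry `KNOWN_SCRIPTS` inventory are constructed for the example.

```python
from collections import Counter

# Constructed IIS W3C log excerpt. Hosts, client addresses and paths are made up
# for the example; this is not real VeraCore traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-03-05 10:15:22 10.0.0.5 GET /VeraCore/Orders.aspx - 443 - 192.0.2.10 Mozilla/5.0 200 0 0 120
2024-03-05 10:15:40 10.0.0.5 POST /VeraCore/Login.aspx - 443 - 192.0.2.10 Mozilla/5.0 302 0 0 88
2024-03-05 10:16:01 10.0.0.5 GET /Uploads/report-2024.pdf - 443 - 192.0.2.11 Mozilla/5.0 200 0 0 15
2024-03-05 10:17:09 10.0.0.5 POST /Uploads/temp/cache.aspx - 443 - 198.51.100.23 python-requests/2.31 200 0 0 41
2024-03-05 10:17:10 10.0.0.5 POST /Uploads/temp/cache.aspx - 443 - 198.51.100.23 python-requests/2.31 200 0 0 39
2024-03-05 10:18:30 10.0.0.5 GET /VeraCore/Inventory.aspx - 443 - 192.0.2.12 Mozilla/5.0 200 0 0 97
"""

# Extensions IIS hands to a script handler.
SCRIPT_EXTENSIONS = (".aspx", ".asmx", ".ashx", ".asp", ".php", ".cshtml")
# Directories that should only ever hold user-supplied static files (assumed).
WRITABLE_PREFIXES = ("/uploads/",)
# Script endpoints the application is known to ship. In practice build this from
# the deployed install, not by hand; the three entries here are assumed.
KNOWN_SCRIPTS = {"/veracore/orders.aspx", "/veracore/login.aspx", "/veracore/inventory.aspx"}

def parse_iis_log(text):
    """Turn W3C extended log text into a list of dicts keyed by the #Fields names."""
    fields, entries = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # malformed or pre-header line: skip rather than crash
        entries.append(dict(zip(fields, values)))
    return entries

def find_webshell_indicators(entries):
    """Flag script requests that do not belong to the known application surface."""
    findings = []
    for e in entries:
        stem = e["cs-uri-stem"].lower()
        if not stem.endswith(SCRIPT_EXTENSIONS):
            continue  # static content: not a script execution
        reasons = []
        if stem not in KNOWN_SCRIPTS:
            reasons.append("script path not in application inventory")
        if stem.startswith(WRITABLE_PREFIXES):
            reasons.append("script served from an upload directory")
        if reasons:
            findings.append({
                "time": f"{e['date']} {e['time']}",
                "client": e["c-ip"],
                "path": e["cs-uri-stem"],
                "status": e["sc-status"],
                # a POST to an unknown script is the usual webshell command channel
                "severity": "high" if e["cs-method"] == "POST" else "medium",
                "reasons": reasons,
            })
    return findings

def hits_per_client_path(findings):
    """Count findings per (client, path) so repeated use of one file stands out."""
    return Counter((f["client"], f["path"]) for f in findings)

if __name__ == "__main__":
    found = find_webshell_indicators(parse_iis_log(SAMPLE_LOG))
    for f in found:
        print(f["time"], f["severity"], f["client"], f["path"], "; ".join(f["reasons"]))
    print(hits_per_client_path(found))
```

Run over a year of logs rather than a day, this also surfaces the pattern the page describes, a file planted long ago and touched again years later, because the path still falls outside the inventory no matter when it was first written. Any flagged file should be pulled for analysis and its creation time checked against the deployment history before removal, so the finding is preserved for incident response.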

4. Strengthen Access Controls and Authentication

  • Enforce Multi-Factor Authentication (MFA) to prevent unauthorized access.
  • Implement Zero Trust Security policies to restrict access based on user roles and device integrity.

5. Train Employees on Cybersecurity Awareness

  • Educate employees about phishing attacks, credential security, and safe browsing practices.
  • Conduct regular cybersecurity drills to enhance threat response capabilities.

For more insights on securing your supply chain against zero-day threats, visit https://technijian.com/podcast/veracore-zero-day-vulnerabilities-exploits-and-supply-chain-security/

FAQs About VeraCore Zero-Day Vulnerabilities

1. What is a zero-day vulnerability?

A zero-day vulnerability is a security flaw in software that is unknown to the vendor and has no patch available, making it an attractive target for cybercriminals.

2. How were VeraCore vulnerabilities exploited?

XE Group used SQL injection (CVE-2025-25181) to gain access to warehouse management servers, then deployed customized webshells for persistent access.

3. Which industries were affected?

The manufacturing and distribution industries were the primary targets, as VeraCore’s warehouse management software is widely used in supply chain operations.

4. Has VeraCore released a permanent fix?

A temporary fix was issued for CVE-2024-57968, but there’s no confirmation on whether CVE-2025-25181 has been patched. Organizations should remain vigilant.

5. How can businesses protect against similar attacks?

Organizations should implement regular security patches, intrusion detection systems, web application firewalls, employee cybersecurity training, and multi-factor authentication (MFA).

6. What are the long-term risks of webshell attacks?

Webshells enable attackers to maintain hidden, long-term access to systems, allowing them to conduct data theft, ransomware deployment, and further system compromise.

Final Thoughts – Strengthening Cybersecurity for the Future

The VeraCore zero-day vulnerabilities highlight the increasing sophistication of cybercriminal groups like XE Group. With persistent access lasting over four years, these attacks emphasize the need for proactive cybersecurity defenses in the manufacturing and distribution industries.

By implementing strong security practices, regular audits, and advanced threat detection, businesses can reduce their exposure to zero-day exploits and safeguard their supply chains.

For expert cybersecurity solutions, consult with Technijian and read the full analysis on VeraCore vulnerabilities in the Technijian Cybersecurity Report.
