
Cybersecurity researchers from Intezer and Solis Security have uncovered a dramatic shift in tactics by XE Group, a notorious cybercriminal organization active since at least 2013. Originally known for credit card skimming and supply chain attacks, XE Group has evolved into a more sophisticated threat actor, now leveraging zero-day vulnerabilities to infiltrate organizations across various industries.
Historically, XE Group focused on credit card skimming and password theft, often through supply chain attacks that compromised e-commerce platforms. Recent findings, however, reveal that “XE Group transitioned from credit card skimming to targeted information theft, marking a significant shift in their operational priorities.” Rather than targeting online payment systems, the group now focuses on supply chain attacks against the manufacturing and distribution sectors, exploiting previously unknown software vulnerabilities.
In 2024, XE Group exploited two zero-day vulnerabilities in VeraCore, a widely used fulfillment and warehouse management platform. The flaws, tracked as CVE-2024-57968 (an upload validation vulnerability, CVSS 9.9) and CVE-2025-25181 (a SQL injection vulnerability, CVSS 5.8), let the group write webshells onto compromised servers, retain unauthorized access, and execute arbitrary commands. The report states that “through these vulnerabilities, XE Group deployed webshells to maintain unauthorized access to compromised systems, demonstrating increasing sophistication.”
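The page names the VeraCore flaw only by its class, an upload validation vulnerability, and does not publish its logic. The following added example (not code from Intezer, Solis Security or VeraCore) shows how that class of bug typically turns into a webshell: a weak validator that looks for an allowed extension anywhere in a client-supplied name, beside a hardened one that discards the client's path, accepts exactly one allowlisted extension, and stores the file under a random name in a directory the web server never executes from. The allowlist, the extension sets, the sample filenames and the `save_upload` helper are all constructed for this illustration.

```python
"""
Added example (not code from Intezer, Solis Security or VeraCore): a
client-controlled filename checked by a weak upload validator beside a
hardened one. ALLOWED, EXECUTABLE, SAMPLES and save_upload are constructed
for this illustration; the VeraCore flaw's actual logic is not published.
"""
import os
import re
import secrets
from typing import List, Optional, Tuple

# Extensions the application intends to accept from users (assumption).
ALLOWED = {"jpg", "jpeg", "png", "pdf", "csv"}
# Extensions an ASP.NET/IIS host would execute if served from a web directory.
EXECUTABLE = {"aspx", "ashx", "asmx", "asp", "php", "jsp", "cshtml", "config"}


def validate_upload_weak(filename: str) -> bool:
    """Weak check: passes if an allowed extension appears anywhere in the
    name, and trusts the client's directory components. 'invoice.pdf.aspx'
    and '../wwwroot/shell.jpg' both get through."""
    lowered = filename.lower()
    return any(f".{ext}" in lowered for ext in ALLOWED)


def validate_upload_hardened(filename: str) -> Optional[str]:
    """Returns a server-generated filename to store the upload under, or
    None to reject. The client's name is used only to pick the extension."""
    # Drop any directory component, whatever separator the client used.
    base = os.path.basename(filename.replace("\\", "/"))
    # Exactly one extension; stem restricted to a safe character set.
    match = re.fullmatch(r"([A-Za-z0-9_-]{1,64})\.([A-Za-z0-9]{1,5})", base)
    if match is None:
        return None
    ext = match.group(2).lower()
    # Allowlist first, then a denylist in case the allowlist is ever widened.
    if ext not in ALLOWED or ext in EXECUTABLE:
        return None
    # Random on-disk name: no attacker-chosen name, no guessable URL.
    return f"{secrets.token_hex(16)}.{ext}"


def save_upload(data: bytes, client_filename: str, store_dir: str) -> Optional[str]:
    """Writes an accepted upload under store_dir, which should sit outside
    the web root so nothing stored there is ever executed by the server."""
    safe_name = validate_upload_hardened(client_filename)
    if safe_name is None:
        return None
    root = os.path.realpath(store_dir)
    dest = os.path.realpath(os.path.join(root, safe_name))
    # Defensive: the resolved target must still be inside the store directory.
    if os.path.commonpath([root, dest]) != root:
        return None
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


# Constructed sample filenames: legitimate uploads and webshell attempts.
SAMPLES = ["invoice.pdf", "photo.JPG", "shell.aspx", "invoice.pdf.aspx", "../wwwroot/shell.jpg"]


def compare(filenames: List[str]) -> List[Tuple[str, bool, bool]]:
    """(filename, weak_accepts, hardened_accepts) for each sample."""
    return [(n, validate_upload_weak(n), validate_upload_hardened(n) is not None) for n in filenames]


if __name__ == "__main__":
    for name, weak, hard in compare(SAMPLES):
        print(f"{name:24s} weak={weak!s:5s} hardened={hard}")
```

The weak validator accepts `invoice.pdf.aspx`, which IIS would execute as a page, and honours the `../` in the last sample, which is how an upload lands in a web-served directory. The hardened path rejects the double extension outright and accepts the last sample only as an ordinary `.jpg` stored under a random name; it still does not trust the file's content, which is why the store directory belongs outside the web root and downloads should be served through a handler with a fixed `Content-Type`.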

XE Group has shown exceptional patience in holding on to access once it is obtained. “In 2024, the group reactivated a webshell initially deployed years earlier, highlighting their ability to remain undetected and reengage targets.” Persistence on this timescale reflects a deliberate strategy: a webshell dropped during an earlier intrusion can be left untouched and then used again long afterwards, letting the group exploit compromised environments over extended periods while evading traditional detection methods.
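A webshell that sits untouched for years will not show up in reviews that only look at recent file changes. The following added example (not from the Intezer or Solis Security report) is a small hunt for the pattern described above: it flags server-side script files living under web-served upload directories, and when the access log shows such a file being requested, it compares the request time with the file's modification time to tell a freshly planted shell from a dormant one being reactivated. The file listing, the IIS-style log lines, the upload directory names and the 365-day dormancy threshold are all constructed for this illustration.

```python
"""
Added example (not from the Intezer/Solis report): a hunt for webshells
dropped into a web-served upload directory and later invoked. FILES,
ACCESS_LOG, UPLOAD_DIRS and the dormancy threshold are constructed.
"""
from dataclasses import dataclass
from datetime import datetime
import posixpath
from typing import Dict, Iterator, List, Tuple

# Server-side script extensions that should never exist under user-writable paths.
SCRIPT_EXT = {".aspx", ".ashx", ".asmx", ".asp", ".php", ".jsp"}
# Web-served directories that accept user uploads (assumption for the demo).
UPLOAD_DIRS = ("/uploads/", "/attachments/")


@dataclass(frozen=True)
class WebFile:
    path: str        # URL path relative to the web root
    mtime: datetime  # last modification time from the filesystem


# Constructed file listing: one script lurking among uploads for years.
FILES = [
    WebFile("/uploads/invoices/a1b2c3.pdf", datetime(2024, 10, 30, 14, 2)),
    WebFile("/uploads/invoices/x7f3.aspx", datetime(2021, 3, 14, 2, 41)),
    WebFile("/default.aspx", datetime(2022, 6, 1, 9, 0)),
]

# Constructed W3C-style access log: date time c-ip cs-method cs-uri-stem sc-status
ACCESS_LOG = """\
2024-11-02 09:15:22 198.51.100.23 GET /uploads/invoices/a1b2c3.pdf 200
2024-11-02 09:15:40 198.51.100.23 GET /default.aspx 200
2024-11-02 09:16:03 203.0.113.7 POST /uploads/invoices/x7f3.aspx 200
"""


@dataclass(frozen=True)
class Finding:
    kind: str
    path: str
    detail: str


def is_script_in_upload_dir(path: str) -> bool:
    """True for a server-executable file under a user-writable web directory."""
    path = path.lower()
    return path.startswith(UPLOAD_DIRS) and posixpath.splitext(path)[1] in SCRIPT_EXT


def parse_log(text: str) -> Iterator[Tuple[datetime, str, str, str, int]]:
    """Yields (timestamp, client_ip, method, uri_stem, status) per log line."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        date, time, ip, method, uri, status = line.split()
        yield datetime.fromisoformat(f"{date} {time}"), ip, method, uri.lower(), int(status)


def hunt(files: List[WebFile], log_text: str, dormant_days: int = 365) -> List[Finding]:
    findings: List[Finding] = []
    by_path: Dict[str, WebFile] = {f.path.lower(): f for f in files}
    # Rule 1: any script file under an upload directory is suspect on its own.
    for f in files:
        if is_script_in_upload_dir(f.path):
            findings.append(Finding("script_in_upload_dir", f.path, f"mtime={f.mtime:%Y-%m-%d}"))
    # Rule 2: a request to such a file means the shell is being used; if the
    # file is far older than the request, a dormant shell is being reactivated.
    for ts, ip, method, uri, status in parse_log(log_text):
        f = by_path.get(uri)
        if f is None or not is_script_in_upload_dir(uri):
            continue
        age_days = (ts - f.mtime).days
        kind = "dormant_webshell_invoked" if age_days >= dormant_days else "webshell_invoked"
        findings.append(Finding(kind, uri, f"{ip} {method} status={status} age_days={age_days}"))
    return findings


if __name__ == "__main__":
    for finding in hunt(FILES, ACCESS_LOG):
        print(finding.kind, finding.path, finding.detail)
```

Run against the constructed data, the hunt reports `x7f3.aspx` twice: once simply for existing under `/uploads/`, and once as a dormant shell invoked by a POST some 1,300 days after it was written. On a real host the file listing would come from a directory walk of the web root and the log from the IIS or Apache access logs; the point of the age check is that a file-integrity baseline taken after the shell was planted will never flag it, whereas the request pattern does.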
Organizations need to stay vigilant, continuously monitor their systems for suspicious activity, and implement comprehensive security controls to mitigate the risks posed by sophisticated cybercriminal groups like XE Group. As the Intezer report states, “XE Group’s evolution from credit card skimming operations to exploiting zero-day vulnerabilities underscores their adaptability and growing sophistication.”