
Rule Update
25-037 (September 9, 2025)
September 9, 2025
Overview
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Remote Desktop Protocol Server
1012383 - Identified RDS Local Resource Redirection Attempt
1012380 - Identified Suspicious File Transfer From RDP Redirect Drive
1007969* - Identified Suspicious Remote Desktop Protocol (RDP) Brute Force Attempt (ATT&CK T1110, T1021.001)
Unix Samba
1012437 - Linux Kernel KSMBD NULL Pointer Dereference Vulnerability (CVE-2025-38191)
Web Application Common
1012352* - Pandora FMS Command Injection Vulnerability (CVE-2024-12971)
Web Application PHP Based
1012436 - WonderCMS Reflected Cross Site Scripting Vulnerability (CVE-2023-41425)
1012344* - WordPress 'Beautiful Taxonomy Filters' Plugin SQL Injection Vulnerability (CVE-2024-12270)
1012368* - WordPress 'WP Hotel Booking' Plugin SQL Injection Vulnerability (CVE-2023-5652)
1012347* - WordPress 'WP Load Gallery' Plugin Arbitrary File Upload Vulnerability (CVE-2025-23942)
Web Client Common
1012432 - Trend Micro Worry-Free Business Security Missing Authentication Vulnerability (CVE-2025-53378)
Web Server HTTPS
1012435 - ZendTo Directory Traversal Vulnerability (CVE-2025-34508)
Web Server SharePoint
1012390* - Microsoft SharePoint Server Spoofing Vulnerability (CVE-2025-49706 and CVE-2025-53771)
1012442 - Microsoft SharePoint Server-Side Request Forgery Vulnerability (CVE-2025-53760)
Windows Services RPC Client DCERPC
1012441 - Microsoft Windows NTLM Privilege Escalation Vulnerability (CVE-2025-54918)
pgAdmin
1012349* - pgAdmin Remote Code Execution Vulnerability (CVE-2025-2945)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.