25-045 (2025年11月4日)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Ivanti Endpoint Manager
1012474 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2025-62390)


Oracle E-Business Suite Web Interface
1012464* - Oracle E-Business Suite Server-Side Request Forgery Vulnerability (CVE-2025-61882 and CVE-2025-61884)


Oracle PeopleSoft PIA
1012476 - Oracle PeopleSoft Enterprise PeopleTools Arbitrary File Read Vulnerability (CVE-2023-22047)


Web Application PHP Based
1012401* - WordPress 'Depicter' Plugin SQL Injection Vulnerability (CVE-2025-2011)
1012395* - WordPress 'HTML5 Video Player' Plugin SQL Injection Vulnerability (CVE-2024-1061)


Web Server Apache
1012305* - Chamilo Command Injection Vulnerabilities (CVE-2023-34960 and CVE-2023-3368)


Web Server HTTPS
1012461* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2025-55296)


Web Server Miscellaneous
1012335* - CrushFTP Authentication Bypass Vulnerability (CVE-2025-2825 and CVE-2025-31161)


Windows Server Update Service
1012478 - Microsoft Windows Server Update Service Insecure Deserialization Vulnerability (CVE-2025-59287)


Zoho ManageEngine ADAuditPlus
1012468 - Zoho ManageEngine ADAudit Plus SQL Injection Vulnerability (CVE-2025-3836)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.