25-031 (29 de julio de 2025)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

CyberPanel
1012300* - CyberPanel Command Injection Vulnerability (CVE-2024-51378)
1012299* - CyberPanel Remote Code Execution Vulnerability (CVE-2024-53376)


PaperCut
1012415 - PaperCut NG and MF Cross-Site Request Forgery Vulnerability (CVE-2023-2533)


Progress WhatsUp Gold
1012239* - Progress WhatsUp Gold SQL Injection Vulnerability (CVE-2024-46907)


Web Application PHP Based
1012401 - WordPress 'Depicter' Plugin SQL Injection Vulnerability (CVE-2025-2011)
1012301* - WordPress 'Quiz Maker' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2023-2571)


Web Server Adobe ColdFusion
1012408 - Adobe ColdFusion Command Injection Vulnerability (CVE-2025-49537)
1012404* - Adobe ColdFusion Stored Cross-Site Scripting Vulnerability (CVE-2025-49540)


Web Server Common
1012412 - Bypass Network Scanner Traffic - XFF


Web Server HTTPS
1012354* - Craft CMS Remote Code Execution Vulnerability (CVE-2025-32432)
1012292* - Zabbix SQL Injection Vulnerability (CVE-2024-42327)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.