25-033 (August 12, 2025)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Kubernetes Ingress-Nginx Controller
1012367* - Kubernetes Ingress-Nginx Multiple Code Injection Vulnerabilities


Mail Server Postfix
1012235* - Zimbra Collaboration Command Injection Vulnerability (CVE-2024-45519)


Progress WhatsUp Gold
1012242* - Progress WhatsUp Gold SQL Injection Vulnerability (CVE-2024-46906)


Redis Server
1012413 - Redis Out of Bound Write Vulnerability (CVE-2025-32023)


Trend Micro OfficeScan
1012421 - Trend Micro Apex One Command Injection Vulnerability (CVE-2025-54948 and CVE-2025-54987)


Web Application PHP Based
1012247* - WordPress 'Super Backup & Clone' Plugin Arbitrary File Upload Vulnerability (CVE-2024-9290)


Web Client HTTPS
1012418 - MCP-Remote Command Injection Vulnerability (CVE-2025-6514)


Web Server HTTPS
1012241* - Cacti Stored Cross-Site Scripting Vulnerabilities (CVE-2024-43364 and CVE-2024-43365)
1012224* - WordPress 'Really Simple Security' Plugin Authentication Bypass Vulnerability (CVE-2024-10924)


Web Server SharePoint
1012423 - Microsoft SharePoint Server Denial-of-Service Vulnerability (ZDI-CAN-25207)
1012424 - Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability (ZDI-CAN-24831)


Windows Services RPC Client DCERPC
1012425 - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2025-53778)


Integrity Monitoring Rules:

1002770* - Linux/Unix - File attributes in the /usr/bin and /usr/sbin directories modified


Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3