25-034 (August 19, 2025)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

FTP Server IIS
1012386 - SolarWinds Serv-U Directory Traversal Vulnerability (CVE-2024-45711)


Ivanti Endpoint Manager
1012214* - Ivanti Endpoint Manager SQL Injection Vulnerabilities (CVE-2024-32847 and CVE-2024-37376)
1012211* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32839)
1012213* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32841)


JetBrains TeamCity
1012420 - JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability (CVE-2025-52877)


Splunk API
1012422 - Splunk Enterprise Reflected Cross-Site Scripting Vulnerability (CVE-2025-20297)


Trend Micro OfficeScan
1012202* - Trend Micro Apex One SQL Injection Vulnerability (CVE-2024-39753)


Web Application PHP Based
1012416 - WordPress 'AIT CSV Import/Export' Plugin Arbitrary File Upload Vulnerability (CVE-2020-36849)
1012428 - WordPress 'Web Directory Free' Plugin SQL Injection Vulnerability (CVE-2024-3552)


Web Client HTTPS
1012419 - Microsoft Windows Management Console Security Feature Bypass Vulnerability (CVE-2025-26633)


Web Server Adobe ColdFusion
1012414 - Adobe ColdFusion Command Injection Vulnerability (CVE-2025-43562)


Web Server HTTPS
1012170* - Centreon SQL Injection Vulnerability (CVE-2024-39842 and CVE-2024-39843)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.