Rule Update

25-035 (August 26, 2025)

Publish date: August 26, 2025

DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Adobe Experience Manager
1012427 - Adobe Experience Manager Remote Code Execution Vulnerability (CVE-2025-54253)

CyberPanel
1012196* - CyberPanel Remote Code Execution Vulnerability (CVE-2024-51567)

GhostCMS
1012434 - Ghost CMS Directory Traversal Vulnerability (CVE-2023-32235)

Ivanti Endpoint Manager
1012345* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2025-22461)

JetBrains TeamCity
1012429 - JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability (CVE-2025-52876)

Mail Server Common
1012173* - Roundcube Webmail Stored Cross-Site Scripting Vulnerability (CVE-2024-42009)

Web Application PHP Based
1012247* - WordPress 'Super Backup & Clone' Plugin Arbitrary File Upload Vulnerability (CVE-2024-9290)

Web Application Tomcat
1012251* - LibreNMS Command Injection Vulnerability (CVE-2024-51092)

Web Server HTTPS
1012353* - Cacti SQL Injection Vulnerability (CVE-2024-54146)
1012233* - WordPress 'FundEngine Donation and Crowdfunding Platform' SQL Injection Vulnerability (CVE-2022-0788)
1012320* - WordPress 'KiviCare' Plugin SQL Injection Vulnerability (CVE-2024-11728)
1012224* - WordPress 'Really Simple Security' Plugin Authentication Bypass Vulnerability (CVE-2024-10924)
1012223* - WordPress Core Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2024-31210)
1012365* - Zabbix SQL Injection Vulnerability (CVE-2024-36465)

Web Server Nagios
1012329* - Nagios XI SQL Injection Vulnerability (CVE-2023-48084)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1012433 - Group Managed Service Account Password Access Attempt
1002795* - Microsoft Windows Events

See all Security Updates

Featured Stories

Beware of MCP Hardcoded Credentials: A Perfect Target for Threat Actors
Poor secret management in MCP servers can lead to serious consequences, including data breaches and supply chain attacks. This article examines the reality of these unsecure configurations and offers practical recommendations that minimize the chances of exposure.
Read more
$Lessons in Resilience from the Race to Patch SharePoint Vulnerabilities$
Lessons in Resilience from the Race to Patch SharePoint Vulnerabilities
In this article, Trend Micro discusses how the fast-moving attacks using CVE-2025-53770 and CVE-2025-53771 have underscored the essential role of virtual patching and reliable intelligence in protecting organizations against evolving threats.
Read more
$Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services$
Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services
To conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.
Read more
$Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities$
Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities
How can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.
Read more

25-035 (August 26, 2025)

DESCRIPTION

Featured Stories

Trend Vision One™ - Proactive Security Starts Here.

Resources

Support

About Trend

Country Headquarters