25-037 (September 9, 2025)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Remote Desktop Protocol Server
1012383 - Identified RDS Local Resource Redirection Attempt
1012380 - Identified Suspicious File Transfer From RDP Redirect Drive
1007969* - Identified Suspicious Remote Desktop Protocol (RDP) Brute Force Attempt (ATT&CK T1110, T1021.001)


Unix Samba
1012437 - Linux Kernel KSMBD NULL Pointer Dereference Vulnerability (CVE-2025-38191)


Web Application Common
1012352* - Pandora FMS Command Injection Vulnerability (CVE-2024-12971)


Web Application PHP Based
1012436 - WonderCMS Reflected Cross Site Scripting Vulnerability (CVE-2023-41425)
1012344* - WordPress 'Beautiful Taxonomy Filters' Plugin SQL Injection Vulnerability (CVE-2024-12270)
1012368* - WordPress 'WP Hotel Booking' Plugin SQL Injection Vulnerability (CVE-2023-5652)
1012347* - WordPress 'WP Load Gallery' Plugin Arbitrary File Upload Vulnerability (CVE-2025-23942)


Web Client Common
1012432 - Trend Micro Worry-Free Business Security Missing Authentication Vulnerability (CVE-2025-53378)


Web Server HTTPS
1012435 - ZendTo Directory Traversal Vulnerability (CVE-2025-34508)


Web Server SharePoint
1012390* - Microsoft SharePoint Server Spoofing Vulnerability (CVE-2025-49706 and CVE-2025-53771)
1012442 - Microsoft SharePoint Server-Side Request Forgery Vulnerability (CVE-2025-53760)


Windows Services RPC Client DCERPC
1012441 - Microsoft Windows NTLM Privilege Escalation Vulnerability (CVE-2025-54918)


pgAdmin
1012349* - pgAdmin Remote Code Execution Vulnerability (CVE-2025-2945)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.