25-040 (September 30, 2025)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP AutoPass License Server
1012228* - HPE AutoPass License Server Authentication Bypass Vulnerability (CVE-2024-51767)


HP Intelligent Management Center (IMC)
1012451 - Apache OFBiz Argument Injection Vulnerability (CVE-2025-54466) - 1
1012452 - Apache OFBiz Argument Injection Vulnerability (CVE-2025-54466) - 2


SAP NetWeaver Java Application Server
1012455 - SAP NetWeaver AS JAVA Directory Traversal Vulnerability (CVE-2017-12637)


Unix Samba
1012454 - Linux Kernel KSMBD NULL Pointer Dereference Vulnerability (CVE-2025-22037)


Web Application Common
1005934* - Identified Suspicious Command Injection Attack


Web Application PHP Based
1012261* - WordPress 'Drag and Drop Multiple File Upload - Contact Form 7' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0595)
1012259* - WordPress 'VR Calendar' Plugin Command Injection Vulnerability (CVE-2022-2314)


Web Server HTTPS
1012262* - Veritas Enterprise Vault Cross-Site Scripting Vulnerability (CVE-2024-52943)


Web Server Miscellaneous
1012449 - XWiki SQL Injection Vulnerability (CVE-2025-32429)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.