25-044 (October 28, 2025)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Oracle E-Business Suite Web Interface
1012464* - Oracle E-Business Suite Server-Side Request Forgery Vulnerability (CVE-2025-61882 and CVE-2025-61884)


Veritas Enterprise Vault
1012229* - Veritas Enterprise Vault Remote Code Execution Multiple Vulnerabilities


Wazuh
1012332* - Wazuh Insecure Deserialization Vulnerability (CVE-2025-24016)


Web Application PHP Based
1012341* - LibreNMS Stored Cross-Site Scripting Vulnerabilities (CVE-2025-23199 and CVE-2025-23200)


Web Client HTTPS
1012472 - Ivanti Endpoint Manager Arbitrary File Write Vulnerability (CVE-2025-9712)


Web Server HTTPS
1012354* - Craft CMS Remote Code Execution Vulnerability (CVE-2025-32432)
1012473 - Microsoft Exchange Server Cross-Site Scripting Vulnerability (CVE-2021-31195)


Windows Server DCERPC
1012340* - Microsoft Windows Remote Desktop Licensing Service Path Traversal Vulnerability (CVE-2024-38258)


dotCMS
1012471 - dotCMS SQL Injection Vulnerability (CVE-2025-8311)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.