25-054 (December 23, 2025)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Kylin
1012483* - Apache Kylin Authentication Bypass Vulnerability (CVE-2025-61733)


React Server
1012506 - React Server Remote Code Execution Vulnerability (CVE-2025-55182 and CVE-2025-66478) - 3


Web Application Common
1012505 - Identified Suspicious PHP Command Injection Attack in URI


Web Application Ruby Based
1012438 - Grafana Open Redirect Vulnerability (CVE-2025-4123)


Web Server HTTPS
1012489* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2025-62411)
1012469* - WordPress 'Everest Forms' Plugin Unrestricted File Upload Vulnerability (CVE-2025-1128)


Web Server Miscellaneous
1012303* - XWiki Code Injection Vulnerability (CVE-2025-24893)


Zoho ManageEngine ADAuditPlus
1012467* - Zoho ManageEngine ADAudit Plus SQL Injection Vulnerability (CVE-2025-36527)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.