Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC).

System Requirements:
The 3.2.0 DV is supported on devices running TOS 5.x and earlier. The 4.0.0 DV is supported on devices running TOS 6.x or higher, as well as vTPS. Please note that vTPS does not currently support pre-disclosed ZDI filters.

The Digital Vaccine can be manually downloaded from the following URLs:
New Filters:
46309: HTTP: Cisco Identity Services Engine enableStrongSwanTunnel Insecure Deserialization (ZDI-25-607)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Cisco Identity Services Engine.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-20337 CVSS 8.7
- Zero Day Initiative: ZDI-25-607
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: August 26, 2025
46323: HTTP: Coder code-server proxy Unintended Proxy Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an unintended proxy vulnerability in Coder code-server.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-47269 CVSS 8.3
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: August 26, 2025
46324: HTTP: Adobe ColdFusion System Probes Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Adobe ColdFusion.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-43562
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: August 26, 2025
46325: HTTP: Adobe Experience Manager Forms OGNL Command Execution Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to execute commands via an exposed OGNL debug endpoint in Adobe Experience Manager Forms.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2025-54253
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: August 26, 2025
46326: ZDI-CAN-27507: Zero Day Initiative Vulnerability (Net-SNMP)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Net-SNMP.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 26, 2025
46327: ZDI-CAN-27682: Zero Day Initiative Vulnerability (MCP Lab)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting MCP Lab.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 26, 2025
46328: ZDI-CAN-26649: Zero Day Initiative Vulnerability (MLflow)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting MLflow.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 26, 2025
46329: HTTP: TP-Link TL-WDR4300 Authentication Bypass Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an authentication bypass vulnerability in TP-Link TL-WR840N or TL-WR841N.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Networked Hardware Device Application or Service
- Release Date: August 26, 2025
46331: HTTP: JetBrains TeamCity favoriteIcon Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in JetBrains TeamCity.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-52876
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: August 26, 2025
46333: HTTP: Cisco Identity Services Engine Insecure Deserialization Vulnerability (ZDI-25-606)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Cisco Identity Services Engine.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-20284 CVSS 7.9
- Zero Day Initiative: ZDI-25-606
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: August 26, 2025
46344: SMB: Linux Kernel ksmbd destroy_previous_session Handling NULL Pointer Dereference Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a NULL Pointer Dereference vulnerability in the Linux kernel KSMBD.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-38191
- Classification: Vulnerability - Denial of Service (Crash/Reboot)
- Protocol: SMB
- Platform: Windows Server Application or Service
- Release Date: August 26, 2025
46345: HTTP: Microsoft SharePoint Server SignOut Referer Authentication Bypass Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Microsoft SharePoint Server.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-53771 CVSS 6.7
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Windows Server Application or Service
- Release Date: August 26, 2025
46346: ZDI-CAN-27787: Zero Day Initiative Vulnerability (Windows CLI MCP Server)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Windows CLI MCP Server.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 26, 2025
46347: ZDI-CAN-27289: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: August 26, 2025
Modified Filters (logic changes):
* = Enabled in Default deployments
44808: TCP: Ivanti Endpoint Manager AgentPortal Remote Code Execution Vulnerability (ZDI-24-1223)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: September 24, 2024
- Last Modified Date: August 26, 2025
45677: HTTP: Samsung MagicINFO filenameHasExecutableType Unrestricted File Upload Vulnerability (ZDI-25-672)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45677: ZDI-CAN-25806: Zero Day Initiative Vulnerability (Samsung MagicINFO 9 Server)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 08, 2025
- Last Modified Date: August 26, 2025
Modified Filters (metadata changes only):
* = Enabled in Default deployments
45114: HTTP: Ashlar-Vellum Graphite VC6 Heap-based Buffer Overflow Vulnerability (ZDI-25-635)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45114: ZDI-CAN-25477: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
- Description updated.
- Vulnerability references updated.
- Release Date: November 26, 2024
- Last Modified Date: August 26, 2025
45117: HTTP: Ashlar-Vellum Graphite VC6 Stack-based Buffer Overflow Vulnerability (ZDI-25-633)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45117: ZDI-CAN-25463: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
- Description updated.
- Vulnerability references updated.
- Release Date: November 26, 2024
- Last Modified Date: August 26, 2025
45157: HTTP: Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable Vulnerability (ZDI-25-636)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45157: ZDI-CAN-25700: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
- Description updated.
- Vulnerability references updated.
- Release Date: December 10, 2024
- Last Modified Date: August 26, 2025
45158: HTTP: Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Vulnerability (ZDI-25-637)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45158: ZDI-CAN-25704: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
- Description updated.
- Vulnerability references updated.
- Release Date: December 10, 2024
- Last Modified Date: August 26, 2025
45467: HTTP: Ashlar-Vellum Cobalt CO File Parsing Type Confusion Vulnerability (ZDI-25-724)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45467: ZDI-CAN-26233: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
- Description updated.
- Vulnerability references updated.
- Release Date: February 25, 2025
- Last Modified Date: August 26, 2025
45501: HTTP: Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Vulnerability (ZDI-25-725)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45501: ZDI-CAN-26238: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
- Description updated.
- Vulnerability references updated.
- Release Date: March 04, 2025
- Last Modified Date: August 26, 2025
45973: HTTP: NI LabVIEW VI File Parsing Memory Corruption Vulnerability (ZDI-25-769)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45973: ZDI-CAN-27088: Zero Day Initiative Vulnerability (NI LabVIEW VI)".
- Description updated.
- Vulnerability references updated.
- Release Date: June 10, 2025
- Last Modified Date: August 26, 2025
Removed Filters:
45973: HTTP: NI LabVIEW VI File Parsing Memory Corruption Vulnerability (ZDI-25-769)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45973: ZDI-CAN-27088: Zero Day Initiative Vulnerability (NI LabVIEW VI)".
- Description updated.
- Vulnerability references updated.
- Release Date: June 10, 2025
- Last Modified Date: August 26, 2025