Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC).

System Requirements
The 3.2.0 DV is supported on devices running TOS 5.x and earlier. The 4.0.0 DV is supported on devices running TOS 6.x or higher, as well as vTPS. Please note that vTPS does not currently support pre-disclosed ZDI filters.

The Digital Vaccine can be manually downloaded from the following URLs:

New Filters:
46538: HTTP: Microsoft Azure Entra ID Graph API Elevation of Privilege Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an elevation of privilege vulnerability in Microsoft Azure.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-55241
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 28, 2025
46549: HTTP: Formbricks JWT Signature Verification Bypass Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a JWT signature verification bypass vulnerability in Formbricks.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-59934 CVSS 9.4
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 28, 2025
46562: HTTP: RARLAB WinRAR File Upload Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: The filter detects an attempt to exploit a directory traversal vulnerability in RARLAB WinRAR.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-8088 CVSS 8.2
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: October 28, 2025
46563: HTTP: Nagios XI Multiple Wizards Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Nagios XI.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-34227 CVSS 7.9
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 28, 2025
46564: HTTP: Microsoft Exchange Server Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Microsoft Exchange Server.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2021-31195
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Windows Server Application or Service
- Release Date: October 28, 2025
46565: HTTP: Sitecore Powershell Extension Unrestricted File Upload Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a file upload vulnerability in Sitecore Powershell Extension on Experience Manager (XM) and Experience Platform (XP).
- Deployments:
- Deployment: Performance-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-34511 CVSS 8.5
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 28, 2025
46566: PWN2OWN ZDI-CAN-28357: Zero Day Initiative Vulnerability (Synology Active Protect)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Synology Active Protect.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Evaluation (Permit / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 28, 2025
46567: HTTP: Oracle E-Business Suite Configurator Pre-Auth Information Disclosure Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a data access vulnerability in the Runtime UI component of Oracle Configurator in Oracle E-Business Suite.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-61884 CVSS 7.5
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 28, 2025
46568: PWN2OWN ZDI-CAN-28325: Zero Day Initiative Vulnerability (Synology DiskStation DS925+)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: High
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Synology DiskStation DS925+.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Evaluation (Permit / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 28, 2025
46576: PWN2OWN ZDI-CAN-28324: Zero Day Initiative Vulnerability (QNAP TS-453E)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting QNAP TS-453E.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Evaluation (Permit / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 28, 2025
46577: HTTP: MikroTik RouterOS 7 JSON Parser Buffer Overflow Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in MikroTik RouterOS 7 libjson.so in the parse_json_element function.
- Deployments:
- Deployment: Performance-Optimized (Permit / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-10948
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: HTTP
- Platform: Networked Hardware Device Application or Service
- Release Date: October 28, 2025
Modified Filters (logic changes):
* = Enabled in Default deployments
* 45429: HTTP: Microsoft Configuration Manager SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: February 25, 2025
- Last Modified Date: October 28, 2025
Modified Filters (metadata changes only):
* = Enabled in Default deployments
32024: DHCP: Red Hat NetworkManager DHCP Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Release Date: June 19, 2018
- Last Modified Date: October 28, 2025
Removed Filters: None