Views:

Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

System Requirements

The 3.2.0 DV is supported on devices running TOS 5.x and earlier. The 4.0.0 DV is supported on devices running TOS 6.x or higher, as well as vTPS. Please note that vTPS does not currently support pre-disclosed ZDI filters.

The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_10056.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_4.0.0_10056.pkg

Table of Contents
--------------------------
  New Filters - 23
  Modified Filters (logic changes) - 10
  Modified Filters (metadata changes only) - 17
  Removed Filters - 0

  New Filters:

    46239: HTTP: Hewlett Packard Enterprise AutoPass License Server Hard-coded Credential Usage (ZDI-25-613)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: High
      - Description: This filter detects the usage of hard-coded credentials to connect to Hewlett Packard Enterprise AutoPass License Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-37107 CVSS 7.3
        - Zero Day Initiative: ZDI-25-613
      - Classification: Security Policy - Authentication Failure (telnet login failed, brute force, etc.)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 12, 2025

    46250: ZDI-CAN-27685: Zero Day Initiative Vulnerability (Promptfoo)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Promptfoo.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46251: ZDI-CAN-26972: Zero Day Initiative Vulnerability (Langflow)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Langflow.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46252: ZDI-CAN-27322: Zero Day Initiative Vulnerability (Langflow)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Langflow.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46253: ZDI-CAN-27325: Zero Day Initiative Vulnerability (Langflow)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Langflow.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46254: ZDI-CAN-27497: Zero Day Initiative Vulnerability (Langflow)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Langflow.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46266: ZDI-CAN-27362: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46267: ZDI-CAN-27363: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46268: ZDI-CAN-27364: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46269: ZDI-CAN-27368: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46270: ZDI-CAN-27370: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46271: ZDI-CAN-27371: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46272: ZDI-CAN-27374: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46273: ZDI-CAN-27390: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46274: HTTP: TOTOLINK T6 cstecgi.cgi setWiFiAclRules Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in TOTOLINK T6.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-7460 CVSS 7.4
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 12, 2025

    46275: HTTP: TOTOLINK T6 cstecgi.cgi CloudSrvVersionCheck Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in TOTOLINK T6.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-7613 CVSS 5.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 12, 2025

    46276: HTTP: Trend Micro Apex One Console Command Injection Vulnerability (ZDI-25-771,ZDI-25-772)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Trend Micro Apex One.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-54948 CVSS 9.8, CVE-2025-54987 CVSS 9.8
        - Zero Day Initiative: ZDI-25-771, ZDI-25-772
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 12, 2025

    46278: HTTP: Ivanti Endpoint Manager Mobile Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Ivanti Endpoint Manager Mobile.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-6771
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 12, 2025

    46279: HTTP: TOTOLINK T6 cstecgi.cgi delDevice Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in TOTOLINK T6.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-7614 CVSS 5.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 12, 2025

    46280: HTTP: TOTOLINK T6 cstecgi.cgi clearPairCfg Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in TOTOLINK T6.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-7615 CVSS 5.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 12, 2025

    46281: HTTP: JetBrains TeamCity diskUsageBuildsStats Cross-Site Scripting Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in JetBrains TeamCity.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-52877
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 12, 2025

    46287: ZDI-CAN-27323: Zero Day Initiative Vulnerability (Delta Electronics CNCSoft)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Electronics CNCSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46289: RPC: Microsoft Exchange Hybrid Deployment Authentication Bypass Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Microsoft Exchange Server.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-53786
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: August 12, 2025

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    31271: HTTP: wget Command Injection in HTTP URI
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: August 07, 2018
      - Last Modified Date: August 12, 2025

    41351: HTTP: Fuji Electric Tellus Lite V-Simulator 6 X1 Out-of-Bounds Write Vulnerability (ZDI-23-822)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "41351: ZDI-CAN-16779: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 31, 2022
      - Last Modified Date: August 12, 2025

    41353: HTTP: Fuji Electric Tellus Lite V-Simulator 6 X1 Out-Of-Bounds Write Vulnerability (ZDI-23-820)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "41353: ZDI-CAN-16602: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 31, 2022
      - Last Modified Date: August 12, 2025

    41354: HTTP: Fuji Electric Tellus Lite V-Simulator 6 X1 Buffer Overflow Vulnerability (ZDI-23-821)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "41354: ZDI-CAN-16717: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 31, 2022
      - Last Modified Date: August 12, 2025

    43926: HTTP: Microsoft Exchange PowerShell Exposed Dangerous Method NTLM Relay Vulnerability (ZDI-25-809)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "43926: ZDI-CAN-23450: Zero Day Initiative Vulnerability (Microsoft Exchange)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 05, 2024
      - Last Modified Date: August 12, 2025

    45255: HTTP: QNAP TS-464 Active Directory Authentication Bypass Vulnerability (Pwn2Own ZDI-25-742)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45255: PWN2OWN ZDI-CAN-25587: Zero Day Initiative Vulnerability (QNAP TS-464)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45441: HTTP: Microsoft Windows Theme File Parsing Improper Input Validation Vulnerability (ZDI-25-824,823)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45441: ZDI-CAN-26364,26372: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2025
      - Last Modified Date: August 12, 2025

    45686: HTTP: Vacron Camera ping Command Injection Vulnerability (ZDI-25-805)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45686: ZDI-CAN-25892: Zero Day Initiative Vulnerability (Vacron Camera)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 08, 2025
      - Last Modified Date: August 12, 2025

    * 45906: HTTP: Microsoft SharePoint DataSetSurrogate Insecure Deserialization Vulnerability (ZDI-25-581,653)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 20, 2025
      - Last Modified Date: August 12, 2025

    * 46121: HTTP: Citrix NetScaler ADC and NetScaler Gateway Memory Leak Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: July 08, 2025
      - Last Modified Date: August 12, 2025

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 3710: HTTP: Negative Content-Length HTTP Header
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 31, 2005
      - Last Modified Date: August 12, 2025

    39724: HTTP: PKZIP Archive Filename Directory Traversal
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: June 01, 2021
      - Last Modified Date: August 12, 2025

    * 43929: HTTP: Microsoft Windows MonikerLink Information Disclosure Vulnerability (ZDI-25-814)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "43929: ZDI-CAN-23548: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: March 05, 2024
      - Last Modified Date: August 12, 2025

    45116: HTTP: Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Vulnerability (ZDI-25-632)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45116: ZDI-CAN-25459: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: November 26, 2024
      - Last Modified Date: August 12, 2025

    45177: HTTP: QNAP TS-464 Log Tool SQL Injection Vulnerability (Pwn2Own ZDI-25-758,ZDI-25-759)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45177: PWN2OWN ZDI-CAN-25656: Zero Day Initiative Vulnerability (QNAP TS-464)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 24, 2024
      - Last Modified Date: August 12, 2025

    * 45192: HTTP: QNAP TS-464 URL Encoding Authentication Bypass Vulnerability (Pwn2Own ZDI-25-753)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45192: PWN2OWN ZDI-CAN-25482: Zero Day Initiative Vulnerability (QNAP TS-464)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 17, 2024
      - Last Modified Date: August 12, 2025

    * 45213: HTTP: QNAP TS-464 qnap_exec Command Injection Vulnerability (Pwn2Own ZDI-25-743)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45213: PWN2OWN ZDI-CAN-25585: Zero Day Initiative Vulnerability (QNAP TS-464)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 24, 2024
      - Last Modified Date: August 12, 2025

    45260: HTTP: Ashlar-Vellum Cobalt AR File Parsing Out-of-Bounds Read Vulnerability (ZDI-25-642)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45260: ZDI-CAN-25972: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45261: HTTP: Ashlar-Vellum Cobalt VC6 File Parsing Out-of-Bounds Read Vulnerability (ZDI-25-643)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45261: ZDI-CAN-25945: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45262: HTTP: Ashlar-Vellum Cobalt VC6 File Parsing Out-of-Bounds Write Vulnerability (ZDI-25-638)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45262: ZDI-CAN-25944: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45265: HTTP: Ashlar-Vellum Graphite VC6 File Parsing Out-of-Bounds Write Vulnerability (ZDI-25-644)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45265: ZDI-CAN-25862: Zero Day Initiative Vulnerability (Ashlar-Vellum Graphite)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45266: HTTP: Ashlar-Vellum Graphite VC6 File Parsing Out-of-Bounds Write Vulnerability (ZDI-25-639)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45266: ZDI-CAN-25755: Zero Day Initiative Vulnerability (Ashlar-Vellum Graphite)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45268: HTTP: Ashlar-Vellum Graphite VC6 File Parsing Out-of-Bounds Write Vulnerability (ZDI-25-641)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45268: ZDI-CAN-25756: Zero Day Initiative Vulnerability (Ashlar-Vellum Graphite)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45574: HTTP: Phoenix Contact CHARX SEC-3150 DHCP Command Injection Vulnerability (Pwn2Own ZDI-25-621)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45574: ZDI-CAN-26350: Zero Day Initiative Vulnerability (Phoenix Contact CHARX SEC-3150)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: March 18, 2025
      - Last Modified Date: August 12, 2025

    45575: HTTP: Phoenix Contact CHARX SEC-3150 OCPP Authentication Bypass Vulnerability (Pwn2Own ZDI-25-628)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45575: ZDI-CAN-26346: Zero Day Initiative Vulnerability (Phoenix Contact CHARX SEC-3150)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: March 18, 2025
      - Last Modified Date: August 12, 2025

    46098: HTTP: Marvell QConvergeConsole compressConfigFiles Directory Traversal Vulnerability (ZDI-25-733)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46098: ZDI-CAN-24915: Zero Day Initiative Vulnerability (Marvell QConvergeConsole)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: July 01, 2025
      - Last Modified Date: August 12, 2025

    46141: HTTP: NI LabVIEW VI File Parsing Memory Corruption Vulnerability (ZDI-25-768)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46141: ZDI-CAN-27081: Zero Day Initiative Vulnerability (NI LabVIEW VI)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: July 08, 2025
      - Last Modified Date: August 12, 2025

  Removed Filters: None

Keywords: Digital Vaccine #10056

Digital Vaccine #10056

Product / Version includes:

TippingPoint Digital Vaccine All

Last updated: 2025/08/13

Solution ID: KA-0020737

Category: Configure , Troubleshoot , Install

Summary

Digital Vaccine #10056 August 12, 2025

System Requirements

Table of Contents
--------------------------
  New Filters - 23
  Modified Filters (logic changes) - 10
  Modified Filters (metadata changes only) - 17
  Removed Filters - 0

  New Filters:

    46239: HTTP: Hewlett Packard Enterprise AutoPass License Server Hard-coded Credential Usage (ZDI-25-613)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: High
      - Description: This filter detects the usage of hard-coded credentials to connect to Hewlett Packard Enterprise AutoPass License Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-37107 CVSS 7.3
        - Zero Day Initiative: ZDI-25-613
      - Classification: Security Policy - Authentication Failure (telnet login failed, brute force, etc.)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 12, 2025

    46250: ZDI-CAN-27685: Zero Day Initiative Vulnerability (Promptfoo)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Promptfoo.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46251: ZDI-CAN-26972: Zero Day Initiative Vulnerability (Langflow)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Langflow.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46252: ZDI-CAN-27322: Zero Day Initiative Vulnerability (Langflow)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Langflow.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46253: ZDI-CAN-27325: Zero Day Initiative Vulnerability (Langflow)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Langflow.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46254: ZDI-CAN-27497: Zero Day Initiative Vulnerability (Langflow)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Langflow.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46266: ZDI-CAN-27362: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46267: ZDI-CAN-27363: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46268: ZDI-CAN-27364: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46269: ZDI-CAN-27368: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46270: ZDI-CAN-27370: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46271: ZDI-CAN-27371: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46272: ZDI-CAN-27374: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46273: ZDI-CAN-27390: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure Power Build)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Schneider Electric EcoStruxure Power Build.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46274: HTTP: TOTOLINK T6 cstecgi.cgi setWiFiAclRules Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in TOTOLINK T6.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-7460 CVSS 7.4
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 12, 2025

    46275: HTTP: TOTOLINK T6 cstecgi.cgi CloudSrvVersionCheck Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in TOTOLINK T6.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-7613 CVSS 5.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 12, 2025

    46276: HTTP: Trend Micro Apex One Console Command Injection Vulnerability (ZDI-25-771,ZDI-25-772)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Trend Micro Apex One.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-54948 CVSS 9.8, CVE-2025-54987 CVSS 9.8
        - Zero Day Initiative: ZDI-25-771, ZDI-25-772
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 12, 2025

    46278: HTTP: Ivanti Endpoint Manager Mobile Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Ivanti Endpoint Manager Mobile.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-6771
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 12, 2025

    46279: HTTP: TOTOLINK T6 cstecgi.cgi delDevice Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in TOTOLINK T6.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-7614 CVSS 5.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 12, 2025

    46280: HTTP: TOTOLINK T6 cstecgi.cgi clearPairCfg Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in TOTOLINK T6.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-7615 CVSS 5.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 12, 2025

    46281: HTTP: JetBrains TeamCity diskUsageBuildsStats Cross-Site Scripting Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in JetBrains TeamCity.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-52877
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 12, 2025

    46287: ZDI-CAN-27323: Zero Day Initiative Vulnerability (Delta Electronics CNCSoft)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Electronics CNCSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 12, 2025

    46289: RPC: Microsoft Exchange Hybrid Deployment Authentication Bypass Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Microsoft Exchange Server.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-53786
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: August 12, 2025

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    31271: HTTP: wget Command Injection in HTTP URI
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: August 07, 2018
      - Last Modified Date: August 12, 2025

    41351: HTTP: Fuji Electric Tellus Lite V-Simulator 6 X1 Out-of-Bounds Write Vulnerability (ZDI-23-822)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "41351: ZDI-CAN-16779: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 31, 2022
      - Last Modified Date: August 12, 2025

    41353: HTTP: Fuji Electric Tellus Lite V-Simulator 6 X1 Out-Of-Bounds Write Vulnerability (ZDI-23-820)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "41353: ZDI-CAN-16602: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 31, 2022
      - Last Modified Date: August 12, 2025

    41354: HTTP: Fuji Electric Tellus Lite V-Simulator 6 X1 Buffer Overflow Vulnerability (ZDI-23-821)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "41354: ZDI-CAN-16717: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 31, 2022
      - Last Modified Date: August 12, 2025

    43926: HTTP: Microsoft Exchange PowerShell Exposed Dangerous Method NTLM Relay Vulnerability (ZDI-25-809)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "43926: ZDI-CAN-23450: Zero Day Initiative Vulnerability (Microsoft Exchange)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 05, 2024
      - Last Modified Date: August 12, 2025

    45255: HTTP: QNAP TS-464 Active Directory Authentication Bypass Vulnerability (Pwn2Own ZDI-25-742)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45255: PWN2OWN ZDI-CAN-25587: Zero Day Initiative Vulnerability (QNAP TS-464)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45441: HTTP: Microsoft Windows Theme File Parsing Improper Input Validation Vulnerability (ZDI-25-824,823)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45441: ZDI-CAN-26364,26372: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2025
      - Last Modified Date: August 12, 2025

    45686: HTTP: Vacron Camera ping Command Injection Vulnerability (ZDI-25-805)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45686: ZDI-CAN-25892: Zero Day Initiative Vulnerability (Vacron Camera)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 08, 2025
      - Last Modified Date: August 12, 2025

    * 45906: HTTP: Microsoft SharePoint DataSetSurrogate Insecure Deserialization Vulnerability (ZDI-25-581,653)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 20, 2025
      - Last Modified Date: August 12, 2025

    * 46121: HTTP: Citrix NetScaler ADC and NetScaler Gateway Memory Leak Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: July 08, 2025
      - Last Modified Date: August 12, 2025

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 3710: HTTP: Negative Content-Length HTTP Header
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 31, 2005
      - Last Modified Date: August 12, 2025

    39724: HTTP: PKZIP Archive Filename Directory Traversal
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: June 01, 2021
      - Last Modified Date: August 12, 2025

    * 43929: HTTP: Microsoft Windows MonikerLink Information Disclosure Vulnerability (ZDI-25-814)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "43929: ZDI-CAN-23548: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: March 05, 2024
      - Last Modified Date: August 12, 2025

    45116: HTTP: Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Vulnerability (ZDI-25-632)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45116: ZDI-CAN-25459: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: November 26, 2024
      - Last Modified Date: August 12, 2025

    45177: HTTP: QNAP TS-464 Log Tool SQL Injection Vulnerability (Pwn2Own ZDI-25-758,ZDI-25-759)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45177: PWN2OWN ZDI-CAN-25656: Zero Day Initiative Vulnerability (QNAP TS-464)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 24, 2024
      - Last Modified Date: August 12, 2025

    * 45192: HTTP: QNAP TS-464 URL Encoding Authentication Bypass Vulnerability (Pwn2Own ZDI-25-753)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45192: PWN2OWN ZDI-CAN-25482: Zero Day Initiative Vulnerability (QNAP TS-464)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 17, 2024
      - Last Modified Date: August 12, 2025

    * 45213: HTTP: QNAP TS-464 qnap_exec Command Injection Vulnerability (Pwn2Own ZDI-25-743)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45213: PWN2OWN ZDI-CAN-25585: Zero Day Initiative Vulnerability (QNAP TS-464)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 24, 2024
      - Last Modified Date: August 12, 2025

    45260: HTTP: Ashlar-Vellum Cobalt AR File Parsing Out-of-Bounds Read Vulnerability (ZDI-25-642)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45260: ZDI-CAN-25972: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45261: HTTP: Ashlar-Vellum Cobalt VC6 File Parsing Out-of-Bounds Read Vulnerability (ZDI-25-643)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45261: ZDI-CAN-25945: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45262: HTTP: Ashlar-Vellum Cobalt VC6 File Parsing Out-of-Bounds Write Vulnerability (ZDI-25-638)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45262: ZDI-CAN-25944: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45265: HTTP: Ashlar-Vellum Graphite VC6 File Parsing Out-of-Bounds Write Vulnerability (ZDI-25-644)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45265: ZDI-CAN-25862: Zero Day Initiative Vulnerability (Ashlar-Vellum Graphite)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45266: HTTP: Ashlar-Vellum Graphite VC6 File Parsing Out-of-Bounds Write Vulnerability (ZDI-25-639)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45266: ZDI-CAN-25755: Zero Day Initiative Vulnerability (Ashlar-Vellum Graphite)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45268: HTTP: Ashlar-Vellum Graphite VC6 File Parsing Out-of-Bounds Write Vulnerability (ZDI-25-641)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45268: ZDI-CAN-25756: Zero Day Initiative Vulnerability (Ashlar-Vellum Graphite)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 07, 2025
      - Last Modified Date: August 12, 2025

    45574: HTTP: Phoenix Contact CHARX SEC-3150 DHCP Command Injection Vulnerability (Pwn2Own ZDI-25-621)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45574: ZDI-CAN-26350: Zero Day Initiative Vulnerability (Phoenix Contact CHARX SEC-3150)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: March 18, 2025
      - Last Modified Date: August 12, 2025

    45575: HTTP: Phoenix Contact CHARX SEC-3150 OCPP Authentication Bypass Vulnerability (Pwn2Own ZDI-25-628)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45575: ZDI-CAN-26346: Zero Day Initiative Vulnerability (Phoenix Contact CHARX SEC-3150)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: March 18, 2025
      - Last Modified Date: August 12, 2025

    46098: HTTP: Marvell QConvergeConsole compressConfigFiles Directory Traversal Vulnerability (ZDI-25-733)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46098: ZDI-CAN-24915: Zero Day Initiative Vulnerability (Marvell QConvergeConsole)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: July 01, 2025
      - Last Modified Date: August 12, 2025

    46141: HTTP: NI LabVIEW VI File Parsing Memory Corruption Vulnerability (ZDI-25-768)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46141: ZDI-CAN-27081: Zero Day Initiative Vulnerability (NI LabVIEW VI)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: July 08, 2025
      - Last Modified Date: August 12, 2025

  Removed Filters: None

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Digital Vaccine #10056

Digital Vaccine #10056

Product / Version includes:

Summary