Release notes for update package 1875-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:       Monday May 05, 2025
MD5 CHECKSUM:       3f95733f00a19b1f7f192bada1ee0aff
SHA1 CHECKSUM:      905dd4305a952a07747377632a14582628ff52b7
SHA256 CHECKSUM:    886c1eb77cc3d96038dfb34d8d38008af316f5c149e79b456b5aa55932d7953d

UPDATE CRITICALITY: HIGH

List of detected attacks in this update package:

Risk level | Description | Reference | Vulnerability
High | An attempt to exploit a vulnerability in NodeBB | CVE-2025-29512 | NodeBB-IP-Blacklist-Stored-Cross-Site-Scripting-CVE-2025-29512
High | An attempt to exploit a vulnerability in NodeBB | CVE-2025-29512 | NodeBB-IP-Blacklist-Stored-Cross-Site-Scripting-CVE-2025-29512
High | An attempt to exploit a vulnerability in FlowiseAI Flowise detected | CVE-2025-26319 | FlowiseAI-Flowise-Attachments-Directory-Traversal-CVE-2025-26319
High | An attempt to exploit a vulnerability in GLPI detected | CVE-2025-24799 | GLPI-Project-GLPI-Inventory-handleAgent-SQL-Injection-CVE-2025-24799
High | An attempt to exploit a vulnerability in GLPI detected | CVE-2025-24799 | GLPI-Project-GLPI-Inventory-handleAgent-SQL-Injection-CVE-2025-24799
High | An attempt to exploit a vulnerability in Fortinet FortiOS detected | CVE-2024-55591 | Fortinet-FortiOS-Authentication-Bypass-CVE-2024-55591
High | An attempt to exploit a vulnerability in Fortinet FortiOS detected | CVE-2024-55591 | Fortinet-FortiOS-Authentication-Bypass-CVE-2024-55591
High | An attempt to exploit a vulnerability in Dnsmasq detected | CVE-2017-13704 | Dnsmasq-Overly-Large-UDP-Packet-CVE-2017-13704
High | A suspicious Remote Desktop request was detected | CVE-2017-0176 | EsteemAudit-Exploit-Tool
High | An attempt to exploit a vulnerability in bsnmpd detected | CVE-2014-1452 | FreeBSD-bsnmpd-GetBulk-Request-Buffer-Overflow-CVE-2014-1452

DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | NodeBB-IP-Blacklist-Stored-Cross-Site-Scripting-CVE-2025-29512 | CVE-2025-29512 | HTTP_CS-NodeBB-IP-Blacklist-Stored-Cross-Site-Scripting-CVE-2025-29512 | Suspected Compromise

DNS UDP Client Message

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Dnsmasq-Overly-Large-UDP-Packet-CVE-2017-13704 | CVE-2017-13704 | DNS-UDP_Dnsmasq-Overly-Large-UDP-Packet-CVE-2017-13704 | Potential Compromise

TCP Client Stream Unknown

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | EsteemAudit-Exploit-Tool | CVE-2017-0176 | Generic_CS-Microsoft-Windows-Remote-Desktop-Buffer-Overflow-CVE-2017-0176 | Potential Compromise

SNMP UDP Client Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | FreeBSD-bsnmpd-GetBulk-Request-Buffer-Overflow-CVE-2014-1452 | CVE-2014-1452 | SNMP-UDP_FreeBSD-bsnmpd-GetBulk-Request-Buffer-Overflow-CVE-2014-1452 | Potential Compromise

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | FlowiseAI-Flowise-Attachments-Directory-Traversal-CVE-2025-26319 | CVE-2025-26319 | HTTP_CRL-FlowiseAI-Flowise-Attachments-Directory-Traversal-CVE-2025-26319 | Suspected Compromise

Text File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | GLPI-Project-GLPI-Inventory-handleAgent-SQL-Injection-CVE-2025-24799 | CVE-2025-24799 | File-Text_GLPI-Project-GLPI-Inventory-handleAgent-SQL-Injection-CVE-2025-24799 | Suspected Compromise

Identified Text File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | GLPI-Project-GLPI-Inventory-handleAgent-SQL-Injection-CVE-2025-24799 | CVE-2025-24799 | File-TextId_GLPI-Project-GLPI-Inventory-handleAgent-SQL-Injection-CVE-2025-24799 | Suspected Compromise

WebSocket Client Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Fortinet-FortiOS-Authentication-Bypass-CVE-2024-55591 | CVE-2024-55591 | WebSocket_CS-Fortinet-FortiOS-Authentication-Bypass-CVE-2024-55591 | Suspected Compromise
High | NodeBB-IP-Blacklist-Stored-Cross-Site-Scripting-CVE-2025-29512 | CVE-2025-29512 | WebSocket_CS-NodeBB-IP-Blacklist-Stored-Cross-Site-Scripting-CVE-2025-29512 | Suspected Compromise

WebSocket Server Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Fortinet-FortiOS-Authentication-Bypass-CVE-2024-55591 | CVE-2024-55591 | WebSocket_SS-Fortinet-FortiOS-Authentication-Bypass-CVE-2024-55591 | Suspected Compromise

Updated detected attacks:

HTTP Request Header Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | CrushFTP-Server-Side-Template-Injection-CVE-2024-4040 | CVE-2024-4040 | HTTP_CSH-CrushFTP-Server-Side-Template-Injection-CVE-2024-4040 | Suspected Compromise | Detection mechanism updated
High | CrushFTP-S3-Authentication-Bypass-CVE-2025-31161 | CVE-2025-31161 | HTTP_CSH-CrushFTP-S3-Authentication-Bypass-CVE-2025-31161 | Suspected Compromise | Name changed: HTTP_CSH-CrushFTP-S3-Authentication-Bypass-CVE-2025-2825 -> HTTP_CSH-CrushFTP-S3-Authentication-Bypass-CVE-2025-31161; Description has changed; Fingerprint regexp changed

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Pandora-FMS-chromium_path-Or-phantomjs_bin-RCE-CVE-2024-12971 | CVE-2024-12971 | HTTP_CRL-Pandora-FMS-chromium_path-Or-phantomjs_bin-RCE-CVE-2024-12971 | Suspected Compromise | Fingerprint regexp changed

Text File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | JavaScript-Obfuscated-With-Hangul-Filler-Characters | No CVE/CAN | File-Text_JavaScript-Obfuscated-With-Hangul-Filler-Characters | Suspected Compromise | Fingerprint regexp changed

SYSTEM POLICY CHANGES

UPDATED POLICIES:

Name | Changes
Certification Policy |

LIST OF OTHER CHANGES:

New objects:

Type | Name
Category | FlowiseAI Flowise
Category | bsnmpd
IPList | WeChat IP Address List
IPList | Microsoft Azure datacenter for southeastus
IPList | Microsoft Azure service for AzureFrontDoor_MicrosoftSecurity

Updated objects:

Type | Name | Changes
Situation | HTTP_CSU-Shared-Variables |
Situation | HTTP_PSU-Shared-Variables | Fingerprint regexp changed
Application | Outlook-Web-Access |
Application | Microsoft-Office-365 |
Application | TOR |
Application | DNS-Over-HTTPS |
Application | NordVPN |
Application | LinkedIn File Upload |
Application | Microsoft-Teams |
Situation | URL_List-DNS-Over-HTTPS | Detection mechanism updated
IPList | TOR exit nodes IP Address List |
IPList | Amazon AMAZON |
IPList | Amazon CLOUDFRONT |
IPList | Microsoft Azure datacenter for australiaeast |
IPList | Microsoft Azure datacenter for australiasoutheast |
IPList | Microsoft Azure datacenter for brazilsouth |
IPList | Microsoft Azure datacenter for canadacentral |
IPList | TOR relay nodes IP Address List |
IPList | Microsoft Azure datacenter for centralindia |
IPList | Microsoft Azure datacenter for centraluseuap |
IPList | Microsoft Azure datacenter for centralus |
IPList | Microsoft Azure datacenter for eastasia |
IPList | Microsoft Azure datacenter for eastus2euap |
IPList | Microsoft Azure datacenter for eastus2 |
IPList | Microsoft Azure datacenter for eastus |
IPList | Microsoft Azure datacenter for japaneast |
IPList | Microsoft Azure datacenter for northeurope |
IPList | Microsoft Azure datacenter for southcentralus |
IPList | Microsoft Azure datacenter for southeastasia |
IPList | Microsoft Azure datacenter for uksouth |
IPList | Microsoft Office 365 Exchange Online |
IPList | Microsoft Office 365 Skype for Business Online and Microsoft Teams |
IPList | Microsoft Azure datacenter for westeurope |
IPList | Microsoft Azure datacenter for westus2 |
IPList | Microsoft Azure datacenter for westus |
IPList | Microsoft Azure datacenter |
IPList | Zscaler IP Address List |
IPList | Amazon WORKSPACES_GATEWAYS |
IPList | Amazon CLOUDFRONT ap-northeast-1 |
IPList | Malicious Site IP Address List |
IPList | Microsoft Azure datacenter for indonesiacentral |
IPList | NordVPN Servers IP Address List |
IPList | Amazon AMAZON ap-southeast-2 |
IPList | Amazon AMAZON ap-southeast-5 |
IPList | Amazon WORKSPACES_GATEWAYS eu-west-3 |
IPList | Amazon AMAZON us-east-1 |
IPList | Forcepoint Drop IP Address List |
IPList | Microsoft Azure service for SerialConsole |
IPList | Microsoft Azure service for AzureCloud |
IPList | Microsoft Azure service for AzureFrontDoor_FirstParty |
IPList | Microsoft Azure service for AzureKeyVault |
IPList | Microsoft Azure service for AzureMonitor |
IPList | Microsoft Azure service for AzureSignalR |
IPList | Microsoft Azure service for DataFactory |
IPList | Microsoft Azure service for DataFactoryManagement |
IPList | Microsoft Azure service for LogicApps |
IPList | Microsoft Azure service for LogicAppsManagement |
IPList | Microsoft Azure service for PowerBI |
IPList | Microsoft Azure datacenter for westus3 |
IPList | Microsoft Azure datacenter for usstagec |
IPList | Microsoft Azure datacenter for polandcentral |
IPList | Microsoft Azure datacenter for spaincentral |
IPList | Microsoft Azure service for AzureWebPubSub |

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.