Release notes for update package 1879-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Thursday May 15, 2025
MD5 CHECKSUM:     6c4fa0641f96ea1720e1b348c40e68de
SHA1 CHECKSUM:     14ad35bca166da482756f2c2a12ae801824c8b64
SHA256 CHECKSUM:     a2b57a02c731541a112d82b3ff6434172bcd98d9e4c4966d1719fe6a0916bec7


UPDATE CRITICALITY:    HIGH

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in SonicWall SMA100 series appliances detected     CVE-2025-32821     SonicWall-SMA100-Remote-Command-Execution-CVE-2025-32821
High     An attempt to exploit a vulnerability in SonicWall SMA100 series appliances detected     CVE-2025-32820     SonicWall-SMA100-Path-Traversal-CVE-2025-32820
High     An attempt to exploit a vulnerability in Craft CMS detected     CVE-2025-32432     Craft-CMS-Remote-Code-Execution-CVE-2025-32432
High     An attempt to exploit a vulnerability in JetBrains TeamCity detected     CVE-2025-31140     JetBrains-TeamCity-Cloud-Profiles-Stored-Cross-Site-Scripting-CVE-2025-31140
High     An attempt to exploit a vulnerability in Gogs detected     CVE-2024-39932     Gogs-GetDiffPreview-Argument-Injection-CVE-2024-39932
High     An attempt to exploit a vulnerability in Delta Electronics DIAScreen detected     CVE-2024-39605     Delta-Electronics-Diascreen-Dpa-File-Parsing-Stack-BOF-CVE-2024-39605
High     An attempt to exploit a vulnerability in ZABBIX ZABBIX detected     CVE-2024-36465     Zabbix-CApiService-SQL-Injection-CVE-2024-36465
High     An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected     CVE-2024-13162     Ivanti-Endpoint-Manager-Serverasset-Updateassetinfo-SQL-Injection-CVE-2024-13162
High     An attempt to exploit a vulnerability in GeoVision detected     CVE-2024-6047     Geovision-Datesetting.Cgi-Command-Injection-CVE-2024-6047
High     An attempt to exploit a vulnerability in SonicWall SMA100 series appliances detected     CVE-2023-44221     SonicWall-SMA100-OS-Command-Injection-Vulnerability-CVE-2023-44221
High     An attempt to exploit a vulnerability in phpMyAdmin detected     CVE-2019-12922     Phpmyadmin-Setup-Server-Cross-Site-Request-Forgery-CVE-2019-12922
High     An attempt to exploit a vulnerability in Synology Photo Station detected     CVE-2017-11151     Synology-Photo-Station-Arbitrary-File-Upload-CVE-2017-11151


DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     SonicWall-SMA100-Path-Traversal-CVE-2025-32820     CVE-2025-32820     HTTP_CS-SonicWall-SMA100-Path-Traversal-CVE-2025-32820     Suspected Compromise
High     JetBrains-TeamCity-Cloud-Profiles-Stored-Cross-Site-Scripting-CVE-2025-31140     CVE-2025-31140     HTTP_CS-JetBrains-TeamCity-Cloud-Profiles-Stored-Cross-Site-Scripting-CVE-2025-31140     Suspected Compromise
High     Synology-Photo-Station-Arbitrary-File-Upload-CVE-2017-11151     CVE-2017-11151     HTTP_CS-Synology-Photo-Station-Arbitrary-File-Upload-CVE-2017-11151     Suspected Compromise
High     SonicWall-SMA100-OS-Command-Injection-Vulnerability-CVE-2023-44221     CVE-2023-44221     HTTP_CS-SonicWall-SMA100-OS-Command-Injection-Vulnerability-CVE-2023-44221     Suspected Compromise

HTTP Request URI

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Craft-CMS-Remote-Code-Execution-CVE-2025-32432     CVE-2025-32432     HTTP_CSU-Craft-CMS-Remote-Code-Execution-CVE-2025-32432     Suspected Compromise
High     Gogs-GetDiffPreview-Argument-Injection-CVE-2024-39932     CVE-2024-39932     HTTP_CSU-Gogs-GetDiffPreview-Argument-Injection-CVE-2024-39932     Suspected Compromise

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     SonicWall-SMA100-Remote-Command-Execution-CVE-2025-32821     CVE-2025-32821     HTTP_CRL-SonicWall-SMA100-Remote-Command-Execution-CVE-2025-32821     Suspected Compromise
High     Ivanti-Endpoint-Manager-Serverasset-Updateassetinfo-SQL-Injection-CVE-2024-13162     CVE-2024-13162     HTTP_CRL-Ivanti-Endpoint-Manager-Serverasset-Updateassetinfo-SQL-Injection-CVE-2024-13162     Suspected Compromise
High     Zabbix-CApiService-SQL-Injection-CVE-2024-36465     CVE-2024-36465     HTTP_CRL-Zabbix-CApiService-SQL-Injection-CVE-2024-36465     Potential Compromise
High     Geovision-Datesetting.Cgi-Command-Injection-CVE-2024-6047     CVE-2024-6047     HTTP_CRL-Geovision-Datesetting.Cgi-Command-Injection-CVE-2024-6047-CVE-2024-11120     Suspected Compromise
High     SonicWall-SMA100-OS-Command-Injection-Vulnerability-CVE-2023-44221     CVE-2023-44221     HTTP_CRL-SonicWall-SMA100-OS-Command-Injection-Vulnerability-CVE-2023-44221     Suspected Compromise

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Phpmyadmin-Setup-Server-Cross-Site-Request-Forgery-CVE-2019-12922     CVE-2019-12922     File-Text_Phpmyadmin-Setup-Server-Cross-Site-Request-Forgery-CVE-2019-12922     Suspected Compromise

Other Binary File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Delta-Electronics-Diascreen-Dpa-File-Parsing-Stack-BOF-CVE-2024-39605     CVE-2024-39605     File-Binary_Delta-Electronics-Diascreen-Dpa-File-Parsing-Stack-Buffer-Overflow-CVE-2024-39605     Suspected Compromise

Updated detected attacks:

DNS UDP Server Message

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     ISC-Bind-Edns-Option-Processing-Denial-Of-Service     CVE-2014-3859     DNS-UDP_ISC-Bind-Edns-Option-Processing-Denial-Of-Service     Potential Compromise
    Fingerprint regexp changed
High     ISC-Bind-Buffer.c-Require-Assertion-Failure-Denial-Of-Service     CVE-2015-8705     DNS-UDP_ISC-Bind-Buffer.c-Require-Assertion-Failure-Denial-Of-Service-CVE-2015-8705     Suspected Compromise
    Name: DNS-UDP_ISC-Bind-Buffer.c-Require-Assertion-Failure-Denial-Of-Service->DNS-UDP_ISC-Bind-Buffer.c-Require-Assertion-Failure-Denial-Of-Service-CVE-2015-8705
    Description has changed
    Category tag situation Suspected Compromise added
    Category tag situation Potential Compromise removed
    Fingerprint regexp changed

HTTP Request URI

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Trihedral-Vtscada-Wap-Filter-Bypass-CVE-2016-4510     CVE-2016-4510     HTTP_CSU-Trihedral-Vtscada-Wap-Filter-Bypass-CVE-2016-4510     Suspected Compromise
    Name: HTTP_CSU-Trihedral-Vtscada-Wap-Filter-Bypass->HTTP_CSU-Trihedral-Vtscada-Wap-Filter-Bypass-CVE-2016-4510
    Fingerprint regexp changed

HTTP Request Header Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Squid-Proxy-HTTP-Message-Processing-Buffer-Overread     CVE-2023-49285     HTTP_CSH-Squid-Proxy-HTTP-Message-Processing-Buffer-Overread     Potential Compromise
    Comment has changed

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Phpmyadmin-Preg_Replace-Function-Code-Injection     CVE-2013-3238     HTTP_CRL-Phpmyadmin-Preg_Replace-Function-Code-Injection     Suspected Compromise
    Comment has changed
    Fingerprint regexp changed
High     Centreon-Web-Updatecontactservicecommands-SQL-Injection     CVE-2024-23117     HTTP_CRL-Centreon-Web-Updatecontactservicecommands-SQL-Injection     Suspected Compromise
    Comment has changed
High     Craft-CMS-Remote-Code-Execution-CVE-2025-32432     CVE-2025-32432     HTTP_CRL-Craft-CMS-Remote-Code-Execution-CVE-2025-32432     Suspected Compromise
    Fingerprint regexp changed
High     Phpmyadmin-Index.php-Local-File-Inclusion-CVE-2018-12613     CVE-2018-12613     HTTP_CRL-Phpmyadmin-Index.php-Local-File-Inclusion-CVE-2018-12613     Suspected Compromise
    Name: HTTP_CRL-Phpmyadmin-Index.php-Local-File-Inclusion->HTTP_CRL-Phpmyadmin-Index.php-Local-File-Inclusion-CVE-2018-12613
    Comment has changed
    Fingerprint regexp changed
High     Phpmyadmin-Navigation-Tree-Stored-Cross-Site-Scripting     CVE-2018-19970     HTTP_CRL-Phpmyadmin-Navigation-Tree-Stored-Cross-Site-Scripting     Suspected Compromise
    Comment has changed
    Fingerprint regexp changed
High     HPE-Intelligent-Management-Center-Externalizable-Deserialization-CVE-2019-11944     CVE-2019-11944     HTTP_CRL-Amf-Externalizable-Deserialization     Suspected Compromise
    Name: HTTP_CRL-HPE-Intelligent-Management-Center-Amf3-Externalizable-Deserialization->HTTP_CRL-Amf-Externalizable-Deserialization
    Comment has changed
    Description has changed
    Category tag group CVE2017 added
    Fingerprint regexp changed
High     Belkin-Wemo-UPnP-Remote-Code-Execution-CVE-2019-12780     CVE-2019-12780     HTTP_CRL-Belkin-Wemo-UPnP-Remote-Code-Execution-CVE-2019-12780     Suspected Compromise
    Name: HTTP_CSU-Belkin-Wemo-UPnP-Remote-Code-Execution->HTTP_CRL-Belkin-Wemo-UPnP-Remote-Code-Execution-CVE-2019-12780
    Description has changed
    Category tag group CVE2019 added
    Fingerprint regexp changed
Low     VMware-User-Credential-Verification-Request-To-Authentication-Server     CVE-2022-22972     HTTP_CRL-VMware-User-Credential-Verification-Request-To-Authentication-Server     Possibly Unwanted Content
    Description has changed

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Malicious-Internet-Shortcut-File     No CVE/CAN     File-Text_Suspicious-Internet-Shortcut-File     Suspected Compromise
    Description has changed
    Category tag group MS2024-11 added
    Category tag group CVE2024 added
High     Squid-Proxy-Esi-Response-Processing-Esi_Assign-Underflow-Denial-Of-Service     CVE-2024-45802     File-Text_Squid-Proxy-Esi-Response-Processing-Esi_Assign-Underflow-Denial-Of-Service     Suspected Compromise
    Comment has changed
High     Squid-Proxy-Esi-Response-Processing-Nullpointer-Denial-Of-Service-CVE-2024-45802     CVE-2024-45802     File-Text_Squid-Proxy-Esi-Response-Processing-Nullpointer-Denial-Of-Service-CVE-2024-45802     Suspected Compromise
    Comment has changed
Critical     Freetype-Heap-Buffer-Overflow-CVE-2020-15999     CVE-2020-15999     File-Text_Freetype-Heap-Buffer-Overflow-CVE-2020-15999     Suspected Compromise
    Detection mechanism updated
High     Phpmyadmin-Searchcontroller-SQL-Injection-CVE-2020-26935     CVE-2020-26935     File-Text_Phpmyadmin-Searchcontroller-SQL-Injection-CVE-2020-26935     Suspected Compromise
    Name: File-Text_Phpmyadmin-Searchcontroller-SQL-Injection->File-Text_Phpmyadmin-Searchcontroller-SQL-Injection-CVE-2020-26935
    Comment has changed

Other Binary File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
Critical     Freetype-Heap-Buffer-Overflow-CVE-2020-15999     CVE-2020-15999     File-Binary_Freetype-Heap-Buffer-Overflow-CVE-2020-15999     Suspected Compromise
    Fingerprint regexp changed
High     Microsoft-Windows-Jet-Database-CVE-2019-1359-Out-Of-Bounds-Write     CVE-2019-1359     File-Binary_Microsoft-Windows-Jet-Database-CVE-2019-1359-Out-Of-Bounds-Write     Potential Compromise
    Detection mechanism updated
High     Oracle-Java-Font-Parsing-maxPoints-Heap-Buffer-Overflow     No CVE/CAN     File-Binary_Oracle-Java-Font-Parsing-maxPoints-Heap-Buffer-Overflow     Suspected Compromise
    Fingerprint regexp changed

PDF File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     JavaScript-In-PDF     No CVE/CAN     File-PDF_JavaScript-With-Open-Action-In-PDF     Potential Compromise
    Fingerprint regexp changed

Identified Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Malicious-Internet-Shortcut-File     No CVE/CAN     File-TextId_Suspicious-Internet-Shortcut-File     Suspected Compromise
    Description has changed
    Category tag group MS2024-11 added
    Category tag group CVE2024 added

LIST OF OTHER CHANGES:

New objects:

Type     Name
VPN Gateway Type     Forcepoint NGFW 7.3
VPN Profile     CNSA-GCM-256-DH-3072
VPN Profile     CNSA-GCM-256-DH-4096
VPN Profile     CNSA-GCM-256-ECDH-384
Category     GeoVision

Updated objects:

Type     Name     Changes
Situation     Internal Certificate expires soon
Situation     HTTP_CSU-Shared-Variables
Situation     HTTP_CS-Shared-Variables-For-Client-Stream-Context
    Fingerprint regexp changed
Situation     HTTP_CRL-Shared-Variables
Situation     File-Text_NTLM-Hash-Disclosure-CVE-2024-43451
    Description has changed
    Category tag situation Obsolete added
    Category tag os Windows removed
    Category tag hardware Any Hardware removed
    Category tag group MS2024-11 removed
    Category tag group CVE2024 removed
    Category tag os_not_specific Windows not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group Severity over 4 Correlation Dependency Group removed
Situation     File-TextId_NTLM-Hash-Disclosure-CVE-2024-43451
    Description has changed
    Category tag situation Obsolete added
    Category tag os Windows removed
    Category tag hardware Any Hardware removed
    Category tag group MS2024-11 removed
    Category tag group CVE2024 removed
    Category tag os_not_specific Windows not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group Severity over 4 Correlation Dependency Group removed
Application     TOR
Application     Microsoft-Intune
Application     NordVPN
Certificate Authority     Baltimore CyberTrust Root
    Marked for removal
Situation     File_Blocked-Known-Bad-SHA1-2
    Detection mechanism updated
IPList     TOR exit nodes IP Address List
IPList     Amazon AMAZON
IPList     Amazon EC2
IPList     TOR relay nodes IP Address List
IPList     Botnet IP Address List
IPList     Malicious Site IP Address List
IPList     NordVPN Servers IP Address List
IPList     Amazon AMAZON ap-southeast-2
IPList     Amazon AMAZON ca-central-1
IPList     Amazon EC2 ca-central-1
IPList     Amazon AMAZON eu-north-1
IPList     Forcepoint Drop IP Address List

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.