Release notes for update package 1893-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Thursday June 19, 2025
MD5 CHECKSUM:     dc118f2ffe819ae7085c7c68c8e0a871
SHA1 CHECKSUM:     a5e921dd337bfb9d2a2903985935e594fa1c1a10
SHA256 CHECKSUM:     b4b9b7a85aa7c9d970c5c4049af23e99f216fedfb74a2ff9003c467140058723


UPDATE CRITICALITY:    HIGH

List of detected attacks in this update package:

Risk level Description Reference Vulnerability
High     An attempt to exploit a vulnerability in F5 Networks BIG-IP detected     CVE-2025-31644     F5-Big-IP-iControl-REST-Command-Injection

Jump to: Detected Attacks

DETECTED ATTACKS

New detected attacks:

HTTP Normalized Request-Line

Risk Vulnerability/Situation References Related Fingerprint Situation Type
High F5-Big-IP-iControl-REST-Command-Injection CVE-2025-31644 HTTP_CRL-F5-Big-IP-iControl-REST-Command-Injection-CVE-2025-31644 Suspected Compromise

Updated detected attacks:

HTTP Client Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High LibreNMS-API-Token-Stored-Cross-Site-Scripting CVE-2024-49754 HTTP_CS-LibreNMS-API-Token-Stored-Cross-Site-Scripting Suspected Compromise
Fingerprint regexp changed
High Ivanti-Avalanche-Securefilter-Dofilter-CVE-2024-47009-Authentication-Bypass CVE-2024-47009 HTTP_CS-Ivanti-Avalanche-Securefilter-Dofilter-CVE-2024-47009-Authentication-Bypass Suspected Disclosure
Fingerprint regexp changed
High Ivanti-Cloud-Services-Application-SendAlert-Command-Injection-CVE-2024-47908 CVE-2024-47908 HTTP_CS-Ivanti-Cloud-Services-Application-SendAlert-Command-Injection-CVE-2024-47908 Suspected Compromise
Fingerprint regexp changed
High NodeBB-IP-Blacklist-Stored-Cross-Site-Scripting-CVE-2025-29512 CVE-2025-29512 HTTP_CS-NodeBB-IP-Blacklist-Stored-Cross-Site-Scripting-CVE-2025-29512 Suspected Compromise
Fingerprint regexp changed

Other Binary File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Winace-Rar-And-Tar-Directory-Traversal-Vulnerability CVE-2006-0981 File-Binary_Path-Traversal-Via-Tar-Archive Suspected Compromise
Detection mechanism updated
High Pear-Archive-Tar-Phar-Protocol-Handling-Deserialization-Code-Execution CVE-2020-28948 File-Binary_Suspicious-File-Name-In-Tar-Archive Suspected Compromise
Description has changed
Category tag group CVE2025 added

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.