Release notes for update package 1895-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:	Thursday June 26, 2025
MD5 CHECKSUM:	a69444d96b19257d63cc7d8a5f64ed97
SHA1 CHECKSUM:	231f4dd96644bee35843c26c7a6311d296e5634b
SHA256 CHECKSUM:	cbb3c0bd1cfa039a61c0166bdd14af66f5e6eb7464605da24c4ed8aa07d72da7

UPDATE CRITICALITY: HIGH

List of detected attacks in this update package:

Risk level	Description	Reference	Vulnerability
High	An attempt to exploit a vulnerability in HPE Insight Remote Support detected	CVE-2025-37098	HPE-Insight-Remote-Support-Directory-Traversal-CVE-2025-37098
High	An attempt to exploit a vulnerability in Fortinet FortiCamera detected	CVE-2025-32756	Fortinet-Multiple-Products-Cookieval_unwrap-Stack-Buffer-Overflow-CVE-2025-32756
High	An attempt to exploit a vulnerability in Apache Software Foundation OFBiz detected	CVE-2025-30676	Apache-Ofbiz-Referer-Stored-Cross-Site-Scripting-CVE-2025-30676
High	An attempt to exploit a vulnerability in WordPress Kubio AI Page Builder plugin detected	CVE-2025-2294	Wordpress-Kubio-AI-Page-Builder-Plugin-Template-LFI-CVE-2025-2294
High	An attempt to exploit a vulnerability in Cisco Adaptive Security Appliance detected	CVE-2014-2120	Cisco-Adaptive-Security-Appliance-Cross-Site-Scripting-CVE-2014-2120

Jump to: Detected Attacks Other Changes

DETECTED ATTACKS

New detected attacks:

HTTP Request URI

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Cisco-Adaptive-Security-Appliance-Cross-Site-Scripting-CVE-2014-2120	CVE-2014-2120	HTTP_CSU-Cisco-Adaptive-Security-Appliance-Cross-Site-Scripting-CVE-2014-2120	Suspected Compromise

HTTP Request Header Line

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Apache-Ofbiz-Referer-Stored-Cross-Site-Scripting-CVE-2025-30676	CVE-2025-30676	HTTP_CSH-Apache-Ofbiz-Referer-Stored-Cross-Site-Scripting-CVE-2025-30676	Suspected Compromise
High	Fortinet-Multiple-Products-Cookieval_unwrap-Stack-Buffer-Overflow-CVE-2025-32756	CVE-2025-32756	HTTP_CSH-Fortinet-Multiple-Products-Cookieval_unwrap-Stack-Buffer-Overflow-CVE-2025-32756	Suspected Compromise

HTTP Normalized Request-Line

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Wordpress-Kubio-AI-Page-Builder-Plugin-Template-LFI-CVE-2025-2294	CVE-2025-2294	HTTP_CRL-Wordpress-Kubio-AI-Page-Builder-Plugin-Template-LFI-CVE-2025-2294	Suspected Compromise
High	HPE-Insight-Remote-Support-Directory-Traversal-CVE-2025-37098	CVE-2025-37098	HTTP_CRL-HPE-Insight-Remote-Support-Directory-Traversal-CVE-2025-37098	Suspected Compromise

Updated detected attacks:

HTTP Request URI

Risk

Vulnerability/Situation

References

Related Fingerprint

Situation Type

Change Description

High

Roundcube-Webmail-Remote-Code-Execution-CVE-2025-49113

CVE-2025-49113

HTTP_CSU-Roundcube-Webmail-Remote-Code-Execution-CVE-2025-49113

Suspected Compromise

Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type	Name
Category	Fortinet FortiCamera
Category	Fortinet FortiMail
Category	Fortinet FortiNDR
Category	Fortinet FortiRecorder
Category	Fortinet FortiVoice
Category	WordPress Kubio AI Page Builder

Updated objects:

Type

Name

Changes

Situation

WeCom URL List

Detection mechanism updated

IPList

Somalia

IPList

Yemen

IPList

Iraq

IPList

Saudi Arabia

IPList

Iran

IPList

Cyprus

IPList

Tanzania

IPList

Syria

IPList

Armenia

IPList

Kenya

IPList

DR Congo

IPList

Djibouti

IPList

Uganda

IPList

Seychelles

IPList

Jordan

IPList

Lebanon

IPList

Kuwait

IPList

Oman

IPList

Qatar

IPList

Bahrain

IPList

United Arab Emirates

IPList

Israel

IPList

Türkiye

IPList

Ethiopia

IPList

Eritrea

IPList

Egypt

IPList

Sudan

IPList

Greece

IPList

Burundi

IPList

Estonia

IPList

Latvia

IPList

Azerbaijan

IPList

Lithuania

IPList

Svalbard and Jan Mayen

IPList

Georgia

IPList

Moldova

IPList

Belarus

IPList

Finland

IPList

Åland Islands

IPList

Ukraine

IPList

North Macedonia

IPList

Hungary

IPList

Bulgaria

IPList

Albania

IPList

Poland

IPList

Romania

IPList

Kosovo

IPList

Zimbabwe

IPList

Zambia

IPList

Comoros

IPList

Lesotho

IPList

Botswana

IPList

Mauritius

IPList

South Africa

IPList

Mayotte

IPList

Mozambique

IPList

Madagascar

IPList

Afghanistan

IPList

Pakistan

IPList

Bangladesh

IPList

Tajikistan

IPList

India

IPList

British Indian Ocean Territory

IPList

Nepal

IPList

Uzbekistan

IPList

Kazakhstan

IPList

Kyrgyzstan

IPList

Vietnam

IPList

Thailand

IPList

Indonesia

IPList

Laos

IPList

Taiwan

IPList

Philippines

IPList

Malaysia

IPList

China

IPList

Hong Kong

IPList

Brunei

IPList

Cambodia

IPList

South Korea

IPList

Japan

IPList

North Korea

IPList

Singapore

IPList

Russia

IPList

Australia

IPList

Marshall Islands

IPList

Federated States of Micronesia

IPList

Nauru

IPList

New Zealand

IPList

Libya

IPList

Cameroon

IPList

Senegal

IPList

Portugal

IPList

Ivory Coast

IPList

Ghana

IPList

Nigeria

IPList

Burkina Faso

IPList

Togo

IPList

Mauritania

IPList

Benin

IPList

Gabon

IPList

Sierra Leone

IPList

São Tomé and Príncipe

IPList

Gambia

IPList

Guinea

IPList

Chad

IPList

Tunisia

IPList

Spain

IPList

Morocco

IPList

Malta

IPList

Algeria

IPList

Denmark

IPList

Iceland

IPList

United Kingdom

IPList

Switzerland

IPList

Sweden

IPList

The Netherlands

IPList

Austria

IPList

Belgium

IPList

Germany

IPList

Luxembourg

IPList

Ireland

IPList

Monaco

IPList

France

IPList

Andorra

IPList

Liechtenstein

IPList

Guernsey

IPList

Slovakia

IPList

Czechia

IPList

Norway

IPList

San Marino

IPList

Italy

IPList

Slovenia

IPList

Croatia

IPList

Bosnia and Herzegovina

IPList

Angola

IPList

Namibia

IPList

Saint Helena

IPList

Barbados

IPList

Saint Pierre and Miquelon

IPList

Paraguay

IPList

Uruguay

IPList

Brazil

IPList

Dominican Republic

IPList

Cuba

IPList

Bahamas

IPList

Anguilla

IPList

Trinidad and Tobago

IPList

St Kitts and Nevis

IPList

Dominica

IPList

Antigua and Barbuda

IPList

Aruba

IPList

British Virgin Islands

IPList

St Vincent and Grenadines

IPList

Cayman Islands

IPList

Belize

IPList

Guatemala

IPList

Costa Rica

IPList

Venezuela

IPList

Ecuador

IPList

Colombia

IPList

Panama

IPList

Argentina

IPList

Chile

IPList

Bolivia

IPList

Peru

IPList

Mexico

IPList

French Polynesia

IPList

Pitcairn Islands

IPList

Tonga

IPList

Puerto Rico

IPList

U.S. Virgin Islands

IPList

U.S. Outlying Islands

IPList

American Samoa

IPList

Canada

IPList

United States

IPList

Serbia

IPList

Antarctica

IPList

TOR exit nodes IP Address List

IPList

Amazon AMAZON

IPList

Amazon EC2

IPList

Google Servers

IPList

Akamai Servers

IPList

TOR relay nodes IP Address List

IPList

Netflix Servers

IPList

Microsoft Azure datacenter

IPList

Amazon AMAZON af-south-1

IPList

Amazon EC2 af-south-1

IPList

Amazon AMAZON_CONNECT

IPList

Amazon AMAZON ap-northeast-1

IPList

Amazon EC2 ap-northeast-1

IPList

Amazon AMAZON_CONNECT ap-northeast-1

IPList

Amazon AMAZON ap-northeast-2

IPList

Amazon EC2 ap-northeast-2

IPList

Amazon AMAZON ap-northeast-3

IPList

Amazon EC2 ap-northeast-3

IPList

Botnet IP Address List

IPList

Malicious Site IP Address List

IPList

Amazon AMAZON ap-south-1

IPList

Amazon EC2 ap-south-1

IPList

Amazon AMAZON_CONNECT ap-south-1

IPList

Amazon AMAZON ap-southeast-1

IPList

Amazon EC2 ap-southeast-1

IPList

NordVPN Servers IP Address List

IPList

Amazon AMAZON_CONNECT ap-southeast-1

IPList

Amazon AMAZON ap-southeast-2

IPList

Amazon EC2 ap-southeast-2

IPList

Amazon AMAZON_CONNECT ap-southeast-2

IPList

Amazon AMAZON ca-central-1

IPList

Amazon EC2 ca-central-1

IPList

Amazon AMAZON_CONNECT ca-central-1

IPList

Amazon AMAZON eu-central-1

IPList

Amazon EC2 eu-central-1

IPList

Amazon AMAZON_CONNECT eu-central-1

IPList

Amazon AMAZON eu-north-1

IPList

Amazon EC2 eu-north-1

IPList

Amazon AMAZON eu-west-1

IPList

Amazon EC2 eu-west-1

IPList

Amazon AMAZON eu-west-2

IPList

Amazon EC2 eu-west-2

IPList

Amazon AMAZON_CONNECT eu-west-2

IPList

Amazon AMAZON eu-west-3

IPList

Amazon EC2 eu-west-3

IPList

Amazon AMAZON sa-east-1

IPList

Amazon EC2 sa-east-1

IPList

Amazon AMAZON us-east-1

IPList

Amazon EC2 us-east-1

IPList

Amazon AMAZON_CONNECT us-east-1

IPList

Amazon AMAZON us-east-2

IPList

Amazon EC2 us-east-2

IPList

Forcepoint Drop IP Address List

IPList

Amazon AMAZON us-gov-east-1

IPList

Amazon EC2 us-gov-east-1

IPList

Amazon AMAZON us-gov-west-1

IPList

Amazon EC2 us-gov-west-1

IPList

Amazon AMAZON us-west-1

IPList

Amazon EC2 us-west-1

IPList

Amazon AMAZON us-west-2

IPList

Amazon EC2 us-west-2

IPList

Amazon AMAZON_CONNECT us-west-2

IPList

Amazon AMAZON eu-south-1

IPList

Amazon EC2 eu-south-1

IPList

Amazon AMAZON_CONNECT ap-northeast-2

IPList

Amazon AMAZON_CONNECT ap-northeast-3

IPList

WeChat IP Address List

Situation

File-Text_Possibly-Malicious-PowerShell-Commands-In-HTTP-Response

Fingerprint regexp changed

Situation

File-Text_Possible-Botnet-Shell-Script-Download

Fingerprint regexp changed

Application

Netflix

Application

Akamai-Infrastructure

Application

TOR

Application

Manoto

Application

NordVPN

Application

WeCom

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.