Release notes for update package 1908-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Wednesday July 30, 2025
MD5 CHECKSUM:     917588eab94a708ecfa90cdde0d87345
SHA1 CHECKSUM:     9f4cb4efaca8d08a00dbe7c20cb16eb3239839a9
SHA256 CHECKSUM:     04548b096745e62c86c4224c88e5fe94d0996f4b95367161f163c9011f7ff0de


UPDATE CRITICALITY:    HIGH

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in XWiki detected     CVE-2025-32429     Xwiki-GetDeletedDocuments-SQL-Injection-CVE-2025-32429
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2025-26633     Microsoft-Windows-MSC-File-Security-Feature-Bypass-CVE-2025-26633
High     An attempt to exploit a vulnerability in Sophos XG Firewall detected     CVE-2020-15504     Sophos-XG-Firewall-Hdnfilepath-SQL-Injection


DETECTED ATTACKS

New detected attacks:

HTTP Request URI

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Xwiki-GetDeletedDocuments-SQL-Injection-CVE-2025-32429     CVE-2025-32429     HTTP_CSU-Xwiki-GetDeletedDocuments-SQL-Injection-CVE-2025-32429     Suspected Compromise

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Sophos-XG-Firewall-Hdnfilepath-SQL-Injection     CVE-2020-15504     HTTP_CRL-Sophos-XG-Firewall-Hdnfilepath-SQL-Injection     Suspected Compromise

Identified Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Microsoft-Windows-MSC-File-Security-Feature-Bypass-CVE-2025-26633     CVE-2025-26633     File-TextId_Microsoft-Windows-MSC-File-Security-Feature-Bypass-CVE-2025-26633     Suspected Compromise

Updated detected attacks:

DNS UDP Server Message

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Microsoft-Windows-SMTP-Service-MX-Record-Denial-Of-Service     CVE-2010-0024     DNS-UDP_Microsoft-Windows-SMTP-Service-MX-Record-Denial-Of-Service     Suspected Compromise
Fingerprint regexp changed

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Windows-Connected-Devices-Platform-Service-Remote-Code-Execution-CVE-2025-49724     CVE-2025-49724     Generic_CS-Windows-Connected-Devices-Platform-Service-Remote-Code-Execution-CVE-2025-49724     Suspected Compromise
Category tag situation Suspected Compromise added
Category tag situation Potential Compromise removed

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Ysoserial-Generated-DotNet-Serialized-Object     No CVE/CAN     HTTP_CRL-Ysoserial-Generated-DotNet-Serialized-Object     Suspected Compromise
Detection mechanism updated
High     Cisco-ISE-Remote-Code-Execution-CVE-2025-20218     CVE-2025-20218     HTTP_CRL-Cisco-ISE-Remote-Code-Execution-CVE-2025-20218     Suspected Compromise
Name: HTTP_CRL-Citrix-ISE-Remote-Code-Execution-CVE-2025-20218->HTTP_CRL-Cisco-ISE-Remote-Code-Execution-CVE-2025-20218
Comment has changed
Description has changed
Category tag application Cisco ISE added
Category tag application Citrix ISE removed
Fingerprint regexp changed

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Ysoserial-Generated-DotNet-Serialized-Object     No CVE/CAN     File-Text_Ysoserial-Generated-DotNet-Serialized-Object     Suspected Compromise
Detection mechanism updated

Identified Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Ysoserial-Generated-DotNet-Serialized-Object     No CVE/CAN     File-TextId_Ysoserial-Generated-DotNet-Serialized-Object     Suspected Compromise
Detection mechanism updated

LIST OF OTHER CHANGES:

New objects:

Type Name
Category Cisco ISE

Updated objects:

Type Name Changes
Situation URL_List-DNS-Over-HTTPS
Detection mechanism updated
IPList Yemen
IPList Iraq
IPList Iran
IPList Cyprus
IPList Syria
IPList Armenia
IPList Kenya
IPList DR Congo
IPList Djibouti
IPList Seychelles
IPList Lebanon
IPList Oman
IPList Qatar
IPList Bahrain
IPList United Arab Emirates
IPList Israel
IPList Türkiye
IPList Ethiopia
IPList Eritrea
IPList Egypt
IPList Sudan
IPList Greece
IPList Estonia
IPList Latvia
IPList Lithuania
IPList Georgia
IPList Moldova
IPList Belarus
IPList Finland
IPList Åland Islands
IPList Ukraine
IPList North Macedonia
IPList Hungary
IPList Bulgaria
IPList Albania
IPList Poland
IPList Romania
IPList Zimbabwe
IPList Botswana
IPList Mauritius
IPList Eswatini
IPList South Africa
IPList Afghanistan
IPList Pakistan
IPList Bangladesh
IPList Tajikistan
IPList Sri Lanka
IPList Bhutan
IPList India
IPList Maldives
IPList Nepal
IPList Myanmar
IPList Uzbekistan
IPList Kazakhstan
IPList Kyrgyzstan
IPList French Southern Territories
IPList Vietnam
IPList Thailand
IPList Indonesia
IPList Laos
IPList Taiwan
IPList Philippines
IPList Malaysia
IPList China
IPList Hong Kong
IPList Brunei
IPList Macao
IPList Cambodia
IPList South Korea
IPList Japan
IPList North Korea
IPList Singapore
IPList Russia
IPList Mongolia
IPList Australia
IPList Christmas Island
IPList New Zealand
IPList Congo Republic
IPList Portugal
IPList Ivory Coast
IPList Ghana
IPList Nigeria
IPList Gabon
IPList Gibraltar
IPList Gambia
IPList Chad
IPList Niger
IPList Tunisia
IPList Spain
IPList Morocco
IPList Malta
IPList Algeria
IPList Denmark
IPList Iceland
IPList United Kingdom
IPList Switzerland
IPList Sweden
IPList The Netherlands
IPList Austria
IPList Belgium
IPList Germany
IPList Luxembourg
IPList Ireland
IPList France
IPList Andorra
IPList Liechtenstein
IPList Slovakia
IPList Czechia
IPList Norway
IPList Italy
IPList Slovenia
IPList Montenegro
IPList Croatia
IPList Bosnia and Herzegovina
IPList Bouvet Island
IPList Barbados
IPList French Guiana
IPList Suriname
IPList Saint Pierre and Miquelon
IPList Greenland
IPList Paraguay
IPList Uruguay
IPList Brazil
IPList Falkland Islands
IPList Jamaica
IPList Dominican Republic
IPList Cuba
IPList Bahamas
IPList Trinidad and Tobago
IPList Saint Lucia
IPList Turks and Caicos Islands
IPList British Virgin Islands
IPList Guadeloupe
IPList Grenada
IPList Cayman Islands
IPList El Salvador
IPList Guatemala
IPList Honduras
IPList Costa Rica
IPList Venezuela
IPList Ecuador
IPList Colombia
IPList Panama
IPList Argentina
IPList Chile
IPList Peru
IPList Mexico
IPList Pitcairn Islands
IPList Kiribati
IPList Wallis and Futuna
IPList Guam
IPList Puerto Rico
IPList U.S. Virgin Islands
IPList U.S. Outlying Islands
IPList American Samoa
IPList Canada
IPList United States
IPList Serbia
IPList Antarctica
IPList Curaçao
IPList TOR exit nodes IP Address List
IPList Amazon AMAZON
IPList Amazon EC2
IPList TOR relay nodes IP Address List
IPList Amazon DYNAMODB
IPList Okta IP Address List
IPList Malicious Site IP Address List
IPList Amazon AMAZON ap-southeast-6
IPList Amazon EC2 ap-southeast-6
IPList NordVPN Servers IP Address List
IPList Zoho Meeting Servers
IPList Amazon AMAZON us-east-1
IPList Amazon EC2 us-east-1
IPList Forcepoint Drop IP Address List
IPList GitHub Services IP Address List
IPList Amazon DYNAMODB ap-southeast-6
IPList Oracle Services Network af-johannesburg-1
IPList Oracle Services Network ap-hyderabad-1
IPList Oracle Services Network ap-melbourne-1
IPList Oracle Services Network ap-mumbai-1
IPList Oracle Services Network ap-seoul-1
IPList Oracle Services Network ap-singapore-1
IPList Oracle Services Network ap-singapore-2
IPList Oracle Services Network ap-sydney-1
IPList Oracle Services Network ap-tokyo-1
IPList Oracle Services Network ca-montreal-1
IPList Oracle Services Network ca-toronto-1
IPList Oracle Services Network eu-amsterdam-1
IPList Oracle Services Network eu-frankfurt-1
IPList Oracle Services Network eu-jovanovac-1
IPList Oracle Services Network eu-madrid-1
IPList Oracle Services Network eu-marseille-1
IPList Oracle Services Network eu-milan-1
IPList Oracle Services Network eu-paris-1
IPList Oracle Services Network eu-stockholm-1
IPList Oracle Services Network eu-zurich-1
IPList Oracle Services Network il-jerusalem-1
IPList Oracle Services Network me-abudhabi-1
IPList Oracle Services Network me-dubai-1
IPList Oracle Services Network me-riyadh-1
IPList Oracle Services Network mx-monterrey-1
IPList Oracle Services Network mx-queretaro-1
IPList Oracle Services Network sa-bogota-1
IPList Oracle Services Network sa-santiago-1
IPList Oracle Services Network sa-saopaulo-1
IPList Oracle Services Network sa-valparaiso-1
IPList Oracle Services Network uk-cardiff-1
IPList Oracle Services Network uk-london-1
IPList Oracle Services Network us-ashburn-1
IPList Oracle Services Network us-chicago-1
IPList Oracle Services Network us-phoenix-1
IPList Oracle Services Network us-saltlake-2
IPList DigiCert IP Address List
IPList WeChat IP Address List
IPList Oracle Services Network us-dallas-1
Situation HTTP_CSU-Shared-Variables
Application TOR
Application DNS-Over-HTTPS
Application NordVPN
Application Zoho-Meeting-App

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.