Update #3824 - (07/09/2025)

New Signatures

Signature Name	Severity	Description
HTTP:STC:CVE-2025-49695-RCE	major	This signature detects attempts to exploit a known vulnerability against Microsoft Office. A successful attack can lead to arbitrary code execution.
HTTP:STC:CVE-2025-49696-RCE	major	This signature detects attempts to exploit a known vulnerability against Microsoft Office. A successful attack can lead to arbitrary code execution.
DB:MYSQL:CVE-2025-49718	major	This signature detects attempts to exploit a known vulnerability against Microsoft SQL Server. A successful attack can lead to sensitive information disclosure.
SMB:OF:CVE-2025-47981-CE	major	This signature detects attempts to exploit a known vulnerability against Microsoft Windows SPNEGO Extended Negotiation (NEGOEX). A successful attack can lead to arbitrary code execution.
TCP:C2S:CVE-2025-49724	major	This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to arbitrary code execution.
SMB:LINUX-KERNEL-MEMORY-DOS	major	This signature detects attempts to exploit a known vulnerability against Linux Kernel. A successful attack can result in a denial-of-service condition.
HTTP:STC:CVE-2025-49727-EOP	major	This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to elevation of privilege and arbitrary code execution.
HTTP:XSS:OPENEMR-PTNT-ADR	major	This signature detects attempts to exploit a known cross-site scripting vulnerability against OpenEMR Patient Demographics . It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
HTTP:CTS:CVE-2025-49704RCE	major	This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint. A successful attack can lead to arbitrary code execution.
HTTP:SQL:INJ:ZOHO-ADSLF-RPT	major	This signature detects attempts to exploit a known vulnerability against Zoho ManageEngine ADSelfService. A successful attack can lead to command injection and arbitrary code execution.
HTTP:CTS:CYBRPNL-FLE-PY-CMD-INJ	critical	This signature detects attempts to exploit a known vulnerability against CyberPanel. A successful attack can lead to command injection and arbitrary code execution.
HTTP:SQL:INJ:OPENEMR-PHRM-SQL	major	This signature detects attempts to exploit a known vulnerability against OpenEMR. A successful attack can lead to command injection and arbitrary code execution.

Updated Signatures

Signature Name	Severity	Description
MS-RPC:ADVANTECH-WEBACCESS-BOF	major	This signature detects attempts to exploit a known vulnerability in the webvrpcs service of Advantech WebAccess. A successful attack can lead to a buffer overflow and arbitrary remote code execution under context of SYSTEM.
HTTP:CTS:CYBERPANEL-MSQL-RCE	critical	This signature detects attempts to exploit a known vulnerability against CyberPanel. A successful attack can lead to command injection and arbitrary code execution.
HTTP:STC:IE:OBJCT-PROCESSING-CE	major	This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
HTTP:APACHE:MOD-LOG-CONFIG-DOS	major	This signature detects attempts to exploit a known vulnerability against Apache HTTP Server. A successful attack can result in a denial-of-service condition.