The Sophos Intrusion Prevention System shields the network from known attacks by matching
network traffic against the signatures in the IPS Signature Database. These signatures are
developed to significantly increase detection performance and reduce false alarms.
Applicable to: XGS-87, XGS-87(w), XGS-107, XGS-107(w), XGS-116, XGS-116(w), XGS-126, XGS-126(w),
XGS-136, XGS-136(w), XGS-2100, XGS-2300, XGS-3100, XGS-3300, XGS-4300, XGS-4500, XG-86, XG-86(w),
XG-106, XG-106(w), XG-115, XG-115(w), XG-125, XG-125(w), XG-135, XG-135(w), XG-210, XG-230, XG-310,
XG-330, XG-430, XG-450, SG-105, SG-105(w), SG-115, SG-115(w), SG-125, SG-125(w), SG-135, SG-135(w),
SG-210, SG-230, SG-310, SG-330, SG-430, SG-450, SG-550, SG-650 and any virtual deployment with
RAM < 24GB
The table below provides details of Signatures included in this release.
This IPS release includes twenty-seven (27) signatures to address twenty-three (23) vulnerabilities.

| Name | CVE-ID | Category | Severity |
|---|---|---|---|
| BROWSER-CHROME Google Chrome NavigationURLLoaderImpl CVE-2023-6112 Use-After-Free Attempt | CVE-2023-6112 | browser-chrome | 1 |
| BROWSER-CHROME Google Chrome V8 engine memory corruption attempt | CVE-2024-7965 | browser-chrome | 2 |
| BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt | CVE-2012-1523 | browser-ie | 2 |
| BROWSER-PLUGINS Attachmate Reflection FTP Client ActiveX clsid access attempt | CVE-2014-0603 | browser-plugins | 1 |
| FILE-IMAGE Foxit Reader parsing JPEG with ConvertToPDF remote code execution attempt | CVE-2020-8844 | file-image | 1 |
| FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt | CVE-2013-0726 | file-other | 1 |
| FILE-OTHER Microsoft Windows SmartScreen Security CVE-2023-36025 Bypass Attempt | CVE-2023-36025 | file-other | 2 |
| OS-WINDOWS Microsoft Windows potential malicious Shortcut file download attempt | CVE-2023-32046, CVE-2023-36025, CVE-2024-43451, CVE-2025-21377 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt | CVE-2022-23253 | os-windows | 5 |
| SERVER-APACHE Apache Tomcat Partial PUT Path CVE-2025-24813 Remote Code Execution Vulnerability | CVE-2025-24813 | server-apache | 1 |
| SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host CVE-2007-4880 Buffer Overflow Attempt | CVE-2007-4880 | server-other | 1 |
| SERVER-OTHER Nero MediaHome NMMediaServerService.dll CVE-2012-5876 Denial of Service Attempt | CVE-2002-2268, CVE-2012-5876 | server-other | 1 |
| SERVER-WEBAPP Adobe ColdFusion invokeLoggingModule CVE-2024-53961 Directory Traversal | CVE-2024-53961 | server-webapp | 3 |
| SERVER-WEBAPP Adobe Commerce and Magento template engine arbitrary command execution attempt | CVE-2022-24086 | server-webapp | 1 |
| SERVER-WEBAPP Advantive VeraCore arbitrary file upload attempt | CVE-2024-57968 | server-webapp | 1 |
| SERVER-WEBAPP Advantive VeraCore CVE-2025-25181 SQL Injection Attempt | CVE-2025-25181 | server-webapp | 2 |
| SERVER-WEBAPP Aviatrix Controllers CVE-2024-50603 Command Injection Attempt | CVE-2024-50603 | server-webapp | 1 |
| SERVER-WEBAPP Hitachi Vantara Pentaho Unauthenticated CVE-2022-43769 CVE-2022-43939 Code Execution Attempt | CVE-2022-43769, CVE-2022-43939 | server-webapp | 2 |
| SERVER-WEBAPP Ivanti Endpoint Manager DPIDatabase GetComputerID CVE-2024-50330 SQL Injection | CVE-2024-50330 | server-webapp | 2 |
| SERVER-WEBAPP Ivanti Endpoint Manager DPIDatabase GetComputerID CVE-2024-50330 SQL Injection | CVE-2024-50330 | server-webapp | 5 |
| SERVER-WEBAPP MiniUPnPd ExecuteSoapAction memory corruption | CVE-2013-0230 | server-webapp | 2 |
| SERVER-WEBAPP Rhinosoft Serv-U Session Cookie CVE-2009-4006 Buffer Overflow Attempt | CVE-2009-4006 | server-webapp | 1 |
| SERVER-WEBAPP Zimbra Collaboration CancelPendingAccountOnlyRemoteWipe CVE-2025-25064 SQL Injection | CVE-2025-25064 | server-webapp | 1 |

Applicable to: XG-550, XG-650, XG-750, XGS-5500, XGS-6500 and any virtual deployment with RAM >24GB
The table below provides details of Signatures included in this release.
This IPS release includes twenty-seven (27) signatures to address twenty-three (23) vulnerabilities.

| Name | CVE-ID | Category | Severity |
|---|---|---|---|
| BROWSER-CHROME Google Chrome NavigationURLLoaderImpl CVE-2023-6112 Use-After-Free Attempt | CVE-2023-6112 | browser-chrome | 1 |
| BROWSER-CHROME Google Chrome V8 engine memory corruption attempt | CVE-2024-7965 | browser-chrome | 2 |
| BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt | CVE-2012-1523 | browser-ie | 2 |
| BROWSER-PLUGINS Attachmate Reflection FTP Client ActiveX clsid access attempt | CVE-2014-0603 | browser-plugins | 1 |
| FILE-IMAGE Foxit Reader parsing JPEG with ConvertToPDF remote code execution attempt | CVE-2020-8844 | file-image | 1 |
| FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt | CVE-2013-0726 | file-other | 1 |
| FILE-OTHER Microsoft Windows SmartScreen Security CVE-2023-36025 Bypass Attempt | CVE-2023-36025 | file-other | 2 |
| OS-WINDOWS Microsoft Windows potential malicious Shortcut file download attempt | CVE-2023-32046, CVE-2023-36025, CVE-2024-43451, CVE-2025-21377 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt | CVE-2022-23253 | os-windows | 5 |
| SERVER-APACHE Apache Tomcat Partial PUT Path CVE-2025-24813 Remote Code Execution Vulnerability | CVE-2025-24813 | server-apache | 1 |
| SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host CVE-2007-4880 Buffer Overflow Attempt | CVE-2007-4880 | server-other | 1 |
| SERVER-OTHER Nero MediaHome NMMediaServerService.dll CVE-2012-5876 Denial of Service Attempt | CVE-2002-2268, CVE-2012-5876 | server-other | 1 |
| SERVER-WEBAPP Adobe ColdFusion invokeLoggingModule CVE-2024-53961 Directory Traversal | CVE-2024-53961 | server-webapp | 3 |
| SERVER-WEBAPP Adobe Commerce and Magento template engine arbitrary command execution attempt | CVE-2022-24086 | server-webapp | 1 |
| SERVER-WEBAPP Advantive VeraCore arbitrary file upload attempt | CVE-2024-57968 | server-webapp | 1 |
| SERVER-WEBAPP Advantive VeraCore CVE-2025-25181 SQL Injection Attempt | CVE-2025-25181 | server-webapp | 2 |
| SERVER-WEBAPP Aviatrix Controllers CVE-2024-50603 Command Injection Attempt | CVE-2024-50603 | server-webapp | 1 |
| SERVER-WEBAPP Hitachi Vantara Pentaho Unauthenticated CVE-2022-43769 CVE-2022-43939 Code Execution Attempt | CVE-2022-43769, CVE-2022-43939 | server-webapp | 2 |
| SERVER-WEBAPP Ivanti Endpoint Manager DPIDatabase GetComputerID CVE-2024-50330 SQL Injection | CVE-2024-50330 | server-webapp | 2 |
| SERVER-WEBAPP Ivanti Endpoint Manager DPIDatabase GetComputerID CVE-2024-50330 SQL Injection | CVE-2024-50330 | server-webapp | 5 |
| SERVER-WEBAPP MiniUPnPd ExecuteSoapAction memory corruption | CVE-2013-0230 | server-webapp | 2 |
| SERVER-WEBAPP Rhinosoft Serv-U Session Cookie CVE-2009-4006 Buffer Overflow Attempt | CVE-2009-4006 | server-webapp | 1 |
| SERVER-WEBAPP Zimbra Collaboration CancelPendingAccountOnlyRemoteWipe CVE-2025-25064 SQL Injection | CVE-2025-25064 | server-webapp | 1 |

Name: Name of the signature.
CVE-ID: CVE identification number. Common Vulnerabilities and Exposures (CVE) provides
reference identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat.
Severity: Degree of severity. The levels of severity are described in the table below:

| Severity Level | Severity Criteria |
|---|---|
| 1 | Critical |
| 2 | Major |
| 3 | Moderate |
| 4 | Minor |
| 5 | Warning |

©1997 - 2025 Sophos Ltd. All rights reserved.