The Sophos Intrusion Prevention System shields the network from known attacks by matching
network traffic against the signatures in the IPS Signature Database. These signatures are
developed to significantly increase detection performance and reduce false alarms.
Applicable to: XGS-87, XGS-87(w), XGS-107, XGS-107(w),
XGS-116, XGS-116(w), XGS-126, XGS-126(w), XGS-136, XGS-136(w), XGS-2100, XGS-2300, XGS-3100,
XGS-3300, XGS-4300, XGS-4500, XG-86, XG-86(w), XG-106, XG-106(w), XG-115, XG-115(w), XG-125,
XG-125(w), XG-135, XG-135(w), XG-210, XG-230, XG-310, XG-330, XG-430, XG-450, SG-105, SG-105(w),
SG-115, SG-115(w), SG-125, SG-125(w), SG-135, SG-135(w), SG-210, SG-230, SG-310, SG-330, SG-430,
SG-450, SG-550, SG-650 and any virtual deployment with RAM < 24GB
The table below provides details of the signatures included in this release.
This IPS release includes eighteen (18) signatures to address sixteen (16) vulnerabilities.
Name | CVE-ID | Category | Severity |
SERVER-WEBAPP Commvault Command Center CVE-2025-34028 Path Traversal Vulnerability | CVE-2025-34028 | server-webapp | 1 |
SERVER-WEBAPP FlowiseAI Flowise attachments CVE-2025-26319 Directory Traversal | CVE-2025-26319 | server-webapp | 1 |
SERVER-WEBAPP Gladinet CentreStack .NET object CVE-2025-30406 Deserialization Attempt | CVE-2025-30406 | server-webapp | 2 |
SERVER-WEBAPP Gladinet CentreStack .NET object deserialization attempt | CVE-2025-30406 | server-webapp | 2 |
SERVER-WEBAPP GLPI-Project GLPI Inventory handleAgent CVE-2025-24799 SQL Injection | CVE-2025-24799 | server-webapp | 2 |
SERVER-WEBAPP Ivanti Endpoint Manager serverAsset updateAssetInfo CVE-2024-13162 SQL Injection Vulnerability | CVE-2024-13162 | server-webapp | 3 |
SERVER-WEBAPP Kubernetes ingress-nginx remote code execution attempt | CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24514 | server-webapp | 2 |
SERVER-WEBAPP Microsoft SharePoint Server Business Data Connectivity ExecuteBdcMethod CVE-2024-38227 Unsafe Reflection Vulnerability | CVE-2024-38227 | server-webapp | 2 |
SERVER-WEBAPP Microsoft SharePoint Server Business Data Connectivity ExecuteBdcMethod CVE-2024-38227 Unsafe Reflection Vulnerability | CVE-2024-38227 | server-webapp | 5 |
SERVER-WEBAPP OpenEMR Bronchitis Form CVE-2025-30161 Stored Cross-Site Scripting | CVE-2025-30161 | server-webapp | 2 |
SERVER-WEBAPP Riello Netman 204 - CVE-2024-8877 SQL Injection Attempt | CVE-2024-8877 | server-webapp | 1 |
SERVER-WEBAPP ruby-saml XMLSecurity Namespace Collision CVE-2025-25292 Authentication Bypass Vulnerability | CVE-2025-25292 | server-webapp | 3 |
SERVER-WEBAPP Vendure Commerce Platform CVE-2024-48914 Denial of Service | CVE-2024-48914 | server-webapp | 1 |
SERVER-WEBAPP WordPress TI WooCommerce Wishlist plugin CVE-2024-43917 SQL Injection Vulnerability | CVE-2024-43917 | server-webapp | 3 |
SERVER-WEBAPP WP Automatic Allows CVE-2024-27954 Path Traversal Vulnerability | CVE-2024-27954 | server-webapp | 1 |
SERVER-WEBAPP Zimbra Collaboration Suite remote code execution attempt | CVE-2015-1197, CVE-2022-41352 | server-webapp | 1 |
Applicable to: XG-550, XG-650, XG-750, XGS-5500,
XGS-6500 and any virtual deployment with RAM >24GB
The table below provides details of the signatures included in this release.
This IPS release includes twenty (20) signatures to address eighteen (18) vulnerabilities.
Name | CVE-ID | Category | Severity |
SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt | CVE-2025-32433 | server-other | 1 |
SERVER-WEBAPP Commvault Command Center CVE-2025-34028 Path Traversal Vulnerability | CVE-2025-34028 | server-webapp | 1 |
SERVER-WEBAPP CyberPanel website.py submitWebsiteCreation CVE-2024-53376 Command Injection | CVE-2024-53376 | server-webapp | 1 |
SERVER-WEBAPP FlowiseAI Flowise attachments CVE-2025-26319 Directory Traversal | CVE-2025-26319 | server-webapp | 1 |
SERVER-WEBAPP Gladinet CentreStack .NET object CVE-2025-30406 Deserialization Attempt | CVE-2025-30406 | server-webapp | 2 |
SERVER-WEBAPP Gladinet CentreStack .NET object deserialization attempt | CVE-2025-30406 | server-webapp | 2 |
SERVER-WEBAPP GLPI-Project GLPI Inventory handleAgent CVE-2025-24799 SQL Injection | CVE-2025-24799 | server-webapp | 2 |
SERVER-WEBAPP Ivanti Endpoint Manager serverAsset updateAssetInfo CVE-2024-13162 SQL Injection Vulnerability | CVE-2024-13162 | server-webapp | 3 |
SERVER-WEBAPP Kubernetes ingress-nginx remote code execution attempt | CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24514 | server-webapp | 2 |
SERVER-WEBAPP Microsoft SharePoint Server Business Data Connectivity ExecuteBdcMethod CVE-2024-38227 Unsafe Reflection Vulnerability | CVE-2024-38227 | server-webapp | 2 |
SERVER-WEBAPP Microsoft SharePoint Server Business Data Connectivity ExecuteBdcMethod CVE-2024-38227 Unsafe Reflection Vulnerability | CVE-2024-38227 | server-webapp | 5 |
SERVER-WEBAPP OpenEMR Bronchitis Form CVE-2025-30161 Stored Cross-Site Scripting | CVE-2025-30161 | server-webapp | 2 |
SERVER-WEBAPP Riello Netman 204 - CVE-2024-8877 SQL Injection Attempt | CVE-2024-8877 | server-webapp | 1 |
SERVER-WEBAPP ruby-saml XMLSecurity Namespace Collision CVE-2025-25292 Authentication Bypass Vulnerability | CVE-2025-25292 | server-webapp | 3 |
SERVER-WEBAPP Vendure Commerce Platform CVE-2024-48914 Denial of Service | CVE-2024-48914 | server-webapp | 1 |
SERVER-WEBAPP WordPress TI WooCommerce Wishlist plugin CVE-2024-43917 SQL Injection Vulnerability | CVE-2024-43917 | server-webapp | 3 |
SERVER-WEBAPP WP Automatic Allows CVE-2024-27954 Path Traversal Vulnerability | CVE-2024-27954 | server-webapp | 1 |
SERVER-WEBAPP Zimbra Collaboration Suite remote code execution attempt | CVE-2015-1197, CVE-2022-41352 | server-webapp | 1 |
Name: Name of the signature.
CVE-ID: CVE identification number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat.
Severity: Degree of severity. The levels of severity are described in the table below:
Severity Level | Severity Criteria |
1 | Critical |
2 | Major |
3 | Moderate |
4 | Minor |
5 | Warning |
©1997 - 2025 Sophos Ltd. All rights reserved.