Sophos IPS and Application Signature Update

These release notes are for Sophos IPS and Application signature updates.

Version 18.23.50
Released on June 19, 2025

Introduction

This release note for IPS and Application Signature Database version 18.23.50 covers both new and updated signatures. The following sections describe the release in detail.

Release Information

Upgrade Applicable on: Version 18.23.49

Fixed issues, listed by ID, description, explanation and Workaround.

Appliance Model | Details of Changes | Module | More Details
All Deployments | 15 Applications, 16 Application Signatures, 1 Application category | Application Filter | Click Here for details of changes
XGS-87, XGS-87(w), XGS-107, XGS-107(w), XGS-116, XGS-116(w), XGS-126, XGS-126(w), XGS-136, XGS-136(w), XGS-2100, XGS-2300, XGS-3100, XGS-3300, XGS-4300, XGS-4500, XG-86, XG-86(w), XG-106, XG-106(w), XG-115, XG-115(w), XG-125, XG-125(w), XG-135, XG-135(w), XG-210, XG-230, XG-310, XG-330, XG-430, XG-450, SG-105, SG-105(w), SG-115, SG-115(w), SG-125, SG-125(w), SG-135, SG-135(w), SG-210, SG-230, SG-310, SG-330, SG-430, SG-450, SG-550, SG-650, Any virtual deployment with RAM < 24GB | 11 Signatures, 8 Vulnerabilities, 3 IPS Categories | IPS Filter | Click Here for details of changes
XG-550, XG-650, XG-750, XGS-5500, XGS-6500, Any virtual deployment with RAM >24GB | 32 Signatures, 22 Vulnerabilities, 6 IPS Categories | IPS Filter | Click Here for details of changes

Report false positives to support@sophos.com, along with the application details.

Upgrade Information

Upgrade type: Automatic

Compatibility Annotations: None

Application Signatures

The Sophos Application Filter controls application traffic according to the configured policy by matching the traffic against the Application Signatures. Application Signatures optimize detection performance and reduce false alarms.

The table below provides details of signatures included in this release.

This Application Filter release includes sixteen (16) Application Signatures, updated for fifteen (15) Applications.

Application Name | Risk | Category
TransferNow | 3 | File Transfer
TransferNow File Upload | 3 | File Transfer
TransferNow File Download | 3 | File Transfer
Tresorit | 3 | File Transfer
Tresorit Upload | 3 | File Transfer
Tresorit Download | 3 | File Transfer
SwissTransfer | 3 | File Transfer
SwissTransfer Upload | 3 | File Transfer
SwissTransfer Download | 3 | File Transfer
LimeWire Upload | 3 | File Transfer
LimeWire Download | 3 | File Transfer
Filemail Upload | 3 | File Transfer
Filemail Download | 3 | File Transfer
SendGB Upload | 3 | File Transfer
SendGB Download | 3 | File Transfer

Terms Explained

Application Name: Name of the Application that can be identified by Sophos Application Filter.

Risk: Describes the level of risk for the application. The levels of risks are described in the table below.

Risk Level | Risk Criteria
1 | Very Low
2 | Low
3 | Medium
4 | High
5 | Very High

Category: Identifies the category of the Application.

Note: These Application Filtering signatures also support prior versions of the respective applications.

IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce the false alarms.

Applicable to: XGS-87, XGS-87(w), XGS-107, XGS-107(w), XGS-116, XGS-116(w), XGS-126, XGS-126(w), XGS-136, XGS-136(w), XGS-2100, XGS-2300, XGS-3100, XGS-3300, XGS-4300, XGS-4500, XG-86, XG-86(w), XG-106, XG-106(w), XG-115, XG-115(w), XG-125, XG-125(w), XG-135, XG-135(w), XG-210, XG-230, XG-310, XG-330, XG-430, XG-450, SG-105, SG-105(w), SG-115, SG-115(w), SG-125, SG-125(w), SG-135, SG-135(w), SG-210, SG-230, SG-310, SG-330, SG-430, SG-450, SG-550, SG-650 and Any virtual deployment with RAM < 24GB

The table below provides details of Signatures included in this release.

This IPS Release includes Eleven (11) Signatures to address Eight (8) Vulnerabilities.

Name | CVE-ID | Category | Severity
SERVER-APACHE Apache Parquet Avro CVE-2025-30065 Insecure Deserialization Vulnerability | CVE-2025-30065 | server-apache | 1
SERVER-APACHE Apache ShardingSphere dataSourceConfiguration CVE-2020-1947 Deserialization Attempt Vulnerability | CVE-2020-1947 | server-apache | 3
SERVER-OTHER Ollama ggufPadding CVE-2025-0317 Denial of Service Vulnerability | CVE-2025-0317 | server-other | 5
SERVER-WEBAPP Apache Kafka CVE-2025-27817 Arbitrary File Read and SSRF Vulnerability | CVE-2025-27817 | server-webapp | 3
SERVER-WEBAPP ASUS multiple routers command injection attempt | CVE-2023-39780 | server-webapp | 1
SERVER-WEBAPP Graphana CVE-2025-4123 SSRF Vulnerability | CVE-2025-4123 | server-webapp | 1
SERVER-WEBAPP IBM WebSphere Application Server WASPostParam Cookie CVE-2016-5983 Denial Of Service Attempt | CVE-2016-5983 | server-webapp | 1
SERVER-WEBAPP Yiiframework Yii 2 Arbitrary CVE-2024-58136 Behavior Injection Attempt | CVE-2024-4990, CVE-2024-58136, CVE-2025-32432 | server-webapp | 1

IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce the false alarms.

Applicable to: XG-550, XG-650, XG-750, XGS-5500, XGS-6500 and Any virtual deployment with RAM >24GB

The table below provides details of Signatures included in this release.

This IPS Release includes Thirty-two (32) Signatures to address Twenty-two (22) Vulnerabilities.

Name | CVE-ID | Category | Severity
FILE-OTHER Apple macOS CoreAudio mRemappingArray CVE-2025-31200 Memory Corruption Vulnerability | CVE-2025-31200 | file-other | 2
MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt | | malware-cnc | 1
MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt | | malware-cnc | 1
MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt | | malware-cnc | 1
OS-OTHER Apple multiple products memory corruption attempt | CVE-2020-3837, CVE-2021-30900 | os-other | 1
OS-OTHER Cisco Nexus OS software command injection attempt | CVE-2011-2569 | os-other | 1
OS-OTHER Intel x64 side-channel analysis information leak attempt | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 | os-other | 1
OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt | | os-other | 1
OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt | | os-other | 1
OS-OTHER TRUFFLEHUNTER TALOS-2024-2006 attack attempt | | os-other | 1
OS-OTHER TRUFFLEHUNTER TALOS-2024-2065 attack attempt | | os-other | 1
OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt | | os-other | 1
SERVER-APACHE Apache Parquet Avro CVE-2025-30065 Insecure Deserialization Vulnerability | CVE-2025-30065 | server-apache | 1
SERVER-APACHE Apache ShardingSphere dataSourceConfiguration CVE-2020-1947 Deserialization Attempt Vulnerability | CVE-2020-1947 | server-apache | 3
SERVER-OTHER BentoML runner server CVE-2025-32375 Remote Code Execution Vulnerability | CVE-2025-31200 | server-other | 1
SERVER-OTHER Coder code-server proxy CVE-2025-47269 Unintended Proxy Vulnerability | CVE-2025-47269 | server-other | 2
SERVER-OTHER Ollama ggufPadding CVE-2025-0317 Denial of Service Vulnerability | CVE-2025-0317 | server-other | 5
SERVER-WEBAPP Apache Kafka CVE-2025-27817 Arbitrary File Read and SSRF Vulnerability | CVE-2025-27817 | server-webapp | 3
SERVER-WEBAPP ASUS multiple routers command injection attempt | CVE-2023-39780 | server-webapp | 1
SERVER-WEBAPP Graphana CVE-2025-4123 SSRF Vulnerability | CVE-2025-4123 | server-webapp | 1
SERVER-WEBAPP IBM WebSphere Application Server WASPostParam Cookie CVE-2016-5983 Denial Of Service Attempt | CVE-2016-5983 | server-webapp | 1
SERVER-WEBAPP Yiiframework Yii 2 Arbitrary CVE-2024-58136 Behavior Injection Attempt | CVE-2024-4990, CVE-2024-58136, CVE-2025-32432 | server-webapp | 1

Terms Explained

Name: Name of the Signature.

CVE-ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.

Category: Class type according to threat.

Severity: Degree of severity - The levels of severity are described in the table below:

Severity Level | Severity Criteria
1 | Critical
2 | Major
3 | Moderate
4 | Minor
5 | Warning

Important Notice

Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2025 Sophos Ltd. All rights reserved.
Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.

Corporate Headquarters

Sophos Technologies Pvt. Ltd.
Registered in England and Wales No. 2096520,
The Pentagon, Abingdon Science Park,
Abingdon, OX14 3YP, UK
Web site: www.sophos.com
