The Sophos Intrusion Prevention System shields the network from known attacks by matching
network traffic against the signatures in the IPS Signature Database. These signatures are
developed to significantly increase detection performance and reduce false alarms.
Applicable to: XGS-87, XGS-87(w), XGS-107, XGS-107(w),
XGS-116, XGS-116(w), XGS-126, XGS-126(w), XGS-136, XGS-136(w), XGS-2100, XGS-2300, XGS-3100,
XGS-3300, XGS-4300, XGS-4500, XG-86, XG-86(w), XG-106, XG-106(w), XG-115, XG-115(w), XG-125,
XG-125(w), XG-135, XG-135(w), XG-210, XG-230, XG-310, XG-330, XG-430, XG-450, SG-105, SG-105(w),
SG-115, SG-115(w), SG-125, SG-125(w), SG-135, SG-135(w), SG-210, SG-230, SG-310, SG-330, SG-430,
SG-450, SG-550, SG-650 and any virtual deployment with RAM < 24GB
The table below provides details of Signatures included in this release.
This IPS release includes nineteen (19) signatures to address seventeen (17) vulnerabilities.
| Name | CVE-ID | Category | Severity |
|---|---|---|---|
| FILE-OFFICE Microsoft Excel remote code execution attempt | CVE-2025-21362, CVE-2025-49696 | file-office | 1 |
| FILE-OFFICE Microsoft Office remote code execution attempt | CVE-2025-49695 | file-office | 1 |
| OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt | CVE-2025-49724 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt | CVE-2025-47987 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt | CVE-2025-49744 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt | CVE-2025-47981 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt | CVE-2025-48799 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt | CVE-2025-49727 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows WMPhoto setUniformTiling CVE-2025-29962 Heap-based Buffer Overflow Vulnerability | CVE-2025-29962 | os-windows | 2 |
| SERVER-MSSQL Microsoft SQL Server memory leak attempt | CVE-2025-49718 | server-mssql | 1 |
| SERVER-WEBAPP Aiohttp Static Routing CVE-2024-23334 Directory Traversal Attempt | CVE-2024-23334 | server-webapp | 2 |
| SERVER-WEBAPP Akamai CloudTest CVE-2025-49493 XML External Entity Injection Vulnerability | CVE-2025-49493 | server-webapp | 3 |
| SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt | CVE-2021-20090 | server-webapp | 1 |
| SERVER-WEBAPP Arcadyan routers path traversal attempt | CVE-2021-20090 | server-webapp | 1 |
| SERVER-WEBAPP GestioIP CVE-2024-48760 File Upload Vulnerability | CVE-2024-48760 | server-webapp | 1 |
| SERVER-WEBAPP Microsoft SharePoint remote code execution attempt | CVE-2025-49704 | server-webapp | 1 |
| SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt | CVE-2025-49701 | server-webapp | 1 |
Applicable to: XG-550, XG-650, XG-750, XGS-5500,
XGS-6500 and any virtual deployment with RAM >24GB
The table below provides details of Signatures included in this release.
This IPS release includes twenty-six (26) signatures to address twenty-three (23) vulnerabilities.
| Name | CVE-ID | Category | Severity |
|---|---|---|---|
| BROWSER-CHROME Google Chrome CVE-2025-6554 Type confusion Vulnerability | CVE-2025-6554 | browser-chrome | 2 |
| FILE-OFFICE Microsoft Excel remote code execution attempt | CVE-2025-21362, CVE-2025-49696 | file-office | 1 |
| FILE-OFFICE Microsoft Office remote code execution attempt | CVE-2025-49695 | file-office | 1 |
| MALWARE-CNC Win.Trojan.FakeKeys variant CNC outbound connection | | malware-cnc | 1 |
| OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt | CVE-2025-49724 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt | CVE-2025-47987 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt | CVE-2025-49744 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt | CVE-2025-47981 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt | CVE-2025-48799 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt | CVE-2025-49727 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows WMPhoto setUniformTiling CVE-2025-29962 Heap-based Buffer Overflow Vulnerability | CVE-2025-29962 | os-windows | 2 |
| SERVER-MSSQL Microsoft SQL Server memory leak attempt | CVE-2025-49718 | server-mssql | 1 |
| SERVER-OTHER D-Link hedwig.cgi directory traversal attempt | CVE-2024-0769 | server-other | 1 |
| SERVER-WEBAPP Aiohttp Static Routing CVE-2024-23334 Directory Traversal Attempt | CVE-2024-23334 | server-webapp | 2 |
| SERVER-WEBAPP Akamai CloudTest CVE-2025-49493 XML External Entity Injection Vulnerability | CVE-2025-49493 | server-webapp | 3 |
| SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt | CVE-2021-20090 | server-webapp | 1 |
| SERVER-WEBAPP Arcadyan routers path traversal attempt | CVE-2021-20090 | server-webapp | 1 |
| SERVER-WEBAPP GestioIP CVE-2024-48760 File Upload Vulnerability | CVE-2024-48760 | server-webapp | 1 |
| SERVER-WEBAPP Microsoft SharePoint remote code execution attempt | CVE-2025-49704 | server-webapp | 1 |
| SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt | CVE-2025-49701 | server-webapp | 1 |
| SERVER-WEBAPP SonicWall SMA100 Importlogo CVE-2025-32821 Directory Traversal Vulnerability | CVE-2025-32821 | server-webapp | 1 |
| SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2205 attack attempt | CVE-2025-46410 | server-webapp | 1 |
| SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2206 attack attempt | CVE-2025-53084 | server-webapp | 1 |
Name: Name of the signature.
CVE-ID: CVE identification number. Common Vulnerabilities and Exposures (CVE) provides a reference of CVE identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat.
Severity: Degree of severity. The levels of severity are described in the table below:
| Severity Level | Severity Criteria |
|---|---|
| 1 | Critical |
| 2 | Major |
| 3 | Moderate |
| 4 | Minor |
| 5 | Warning |
©1997 - 2025 Sophos Ltd. All rights reserved.