Release notes for update package 1858-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:	Monday March 31, 2025
MD5 CHECKSUM:	228214bfd9273cbd1b133b9b61141b92
SHA1 CHECKSUM:	f719095b172f58b27e41ebd6082c7a109c091678
SHA256 CHECKSUM:	0813d6829e44de3303fc15bf33df649d8cffca640699b708a722b2a48347738b

UPDATE CRITICALITY: HIGH

MINIMUM SOFTWARE VERSIONS

- Forcepoint NGFW Security Management Center:	6.10.1.11125
- Forcepoint NGFW:	6.8.1.24103

List of detected attacks in this update package:

Risk level	Description	Reference	Vulnerability
High	An attempt to exploit a vulnerability in Microsoft Windows detected	CVE-2025-21298	Microsoft-OLE-UtOlePresStmToContentsStm-Use-After-Free-CVE-2025-21298
High	An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected	CVE-2024-50322	Ivanti-Endpoint-Manager-ECustomDataForm-OnSaveToDB-Directory-Traversal
High	An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected	CVE-2024-50322	Ivanti-Endpoint-Manager-ECustomDataForm-OnSaveToDB-Directory-Traversal
High	An attempt to exploit a vulnerability in 7-Zip detected	CVE-2024-11477	7-Zip-Zstandard-Decompression-Integer-Underflow-CVE-2024-11477

Jump to: Detected Attacks Other Changes

DETECTED ATTACKS

New detected attacks:

HTTP Normalized Request-Line

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Ivanti-Endpoint-Manager-ECustomDataForm-OnSaveToDB-Directory-Traversal	CVE-2024-50322	HTTP_CRL-Ivanti-Endpoint-Manager-ECustomDataForm-OnSaveToDB-Directory-Traversal	Suspected Compromise

Text File Stream

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Ivanti-Endpoint-Manager-ECustomDataForm-OnSaveToDB-Directory-Traversal	CVE-2024-50322	File-Text_Ivanti-Endpoint-Manager-ECustomDataForm-OnSaveToDB-Directory-Traversal	Suspected Compromise

Other Binary File Stream

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	7-Zip-Zstandard-Decompression-Integer-Underflow-CVE-2024-11477	CVE-2024-11477	File-Binary_7-Zip-Zstandard-Decompression-Integer-Underflow-CVE-2024-11477	Suspected Compromise

RTF File Stream

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Microsoft-OLE-UtOlePresStmToContentsStm-Use-After-Free-CVE-2025-21298	CVE-2025-21298	File-RTF_Microsoft-OLE-UtOlePresStmToContentsStm-Use-After-Free-CVE-2025-21298	Suspected Compromise

Updated detected attacks:

HTTP Client Stream

Risk

Vulnerability/Situation

References

Related Fingerprint

Situation Type

Change Description

High

Trend-Micro-OfficeScan-Zip-Directory-Traversal-CVE-2019-18187

CVE-2019-18187

HTTP_CS-Trend-Micro-OfficeScan-Zip-Directory-Traversal-CVE-2019-18187

Suspected Compromise

Name: HTTP_CS_Trend-Micro-OfficeScan-Zip-Directory-Traversal->HTTP_CS-Trend-Micro-OfficeScan-Zip-Directory-Traversal-CVE-2019-18187

Fingerprint regexp changed

Text File Stream

Risk

Vulnerability/Situation

References

Related Fingerprint

Situation Type

Change Description

High

Suspicious-Jsp-File-Upload

No CVE/CAN

File-Text_Suspicious-Jsp-File-Content-Upload

Suspected Compromise

Detection mechanism updated

High

Microsoft-Edge-RCE-CVE-2017-0236

CVE-2017-0236

File-Text_Microsoft-Edge-RCE-CVE-2017-0236

Potential Compromise

Detection mechanism updated

High

Microsoft-Internet-Explorer-And-Edge-CVE-2016-7202-Memory-Corruption

CVE-2016-7202

File-Text_Microsoft-Internet-Explorer-And-Edge-CVE-2016-7202-Memory-Corruption

Potential Compromise

Detection mechanism updated

High

Microsoft-Edge-Typedarray.sort-Use-After-Free

CVE-2016-7288

File-Text_Microsoft-Edge-Typedarray.sort-Use-After-Free

Potential Compromise

Detection mechanism updated

Other Binary File Stream

Risk

Vulnerability/Situation

References

Related Fingerprint

Situation Type

Change Description

High

Gnu-Libextractor-Zip-File-Comment-Out-Of-Bounds-Read

CVE-2018-16430

File-Binary_Gnu-Libextractor-Zip-File-Comment-Out-Of-Bounds-Read

Potential Compromise

Fingerprint regexp changed

PDF File Stream

Risk

Vulnerability/Situation

References

Related Fingerprint

Situation Type

Change Description

High

Adobe-Acrobat-Reader-Dc-Annots.api-Setprops-Use-After-Free

CVE-2021-28550

File-PDF_Adobe-Acrobat-Reader-Dc-Annots.api-Setprops-Use-After-Free

Potential Compromise

Detection mechanism updated

Zip File Stream

Risk

Vulnerability/Situation

References

Related Fingerprint

Situation Type

Change Description

High

Php-Group-Php-Zip-Integer-Overflow

CVE-2015-2331

File-Zip_Php-Group-Php-Zip-Integer-Overflow

Potential Compromise

Fingerprint regexp changed

High

Trend-Micro-OfficeScan-Zip-Directory-Traversal-CVE-2019-18187

CVE-2019-18187

File-Zip_Trend-Micro-OfficeScan-Zip-Directory-Traversal-CVE-2019-18187

Suspected Compromise

Name: File-Zip_Trend-Micro-OfficeScan-Zip-Directory-Traversal->File-Zip_Trend-Micro-OfficeScan-Zip-Directory-Traversal-CVE-2019-18187

LIST OF OTHER CHANGES:

Updated objects:

Type	Name	Changes
IPList	Iraq
IPList	Saudi Arabia
IPList	Iran
IPList	Cyprus
IPList	Armenia
IPList	Djibouti
IPList	Central African Republic
IPList	Seychelles
IPList	Oman
IPList	Bahrain
IPList	United Arab Emirates
IPList	Israel
IPList	Türkiye
IPList	Ethiopia
IPList	Eritrea
IPList	Egypt
IPList	Greece
IPList	Burundi
IPList	Estonia
IPList	Latvia
IPList	Lithuania
IPList	Georgia
IPList	Moldova
IPList	Finland
IPList	Ukraine
IPList	Hungary
IPList	Bulgaria
IPList	Albania
IPList	Poland
IPList	Romania
IPList	Zambia
IPList	Comoros
IPList	Malawi
IPList	Botswana
IPList	Mauritius
IPList	Eswatini
IPList	South Africa
IPList	Mozambique
IPList	Madagascar
IPList	Afghanistan
IPList	Pakistan
IPList	Bangladesh
IPList	Bhutan
IPList	India
IPList	Nepal
IPList	Myanmar
IPList	Kazakhstan
IPList	Vietnam
IPList	Thailand
IPList	Indonesia
IPList	Taiwan
IPList	Philippines
IPList	Malaysia
IPList	China
IPList	Hong Kong
IPList	Brunei
IPList	Macao
IPList	Cambodia
IPList	South Korea
IPList	Japan
IPList	Singapore
IPList	Timor-Leste
IPList	Russia
IPList	Australia
IPList	Christmas Island
IPList	New Zealand
IPList	Fiji
IPList	Libya
IPList	Cameroon
IPList	Congo Republic
IPList	Portugal
IPList	Ghana
IPList	Equatorial Guinea
IPList	Nigeria
IPList	Guinea-Bissau
IPList	Benin
IPList	Gabon
IPList	Gibraltar
IPList	Gambia
IPList	Guinea
IPList	Tunisia
IPList	Spain
IPList	Malta
IPList	Denmark
IPList	Iceland
IPList	United Kingdom
IPList	Switzerland
IPList	Sweden
IPList	The Netherlands
IPList	Austria
IPList	Belgium
IPList	Germany
IPList	Luxembourg
IPList	Ireland
IPList	France
IPList	Liechtenstein
IPList	Isle of Man
IPList	Slovakia
IPList	Czechia
IPList	Norway
IPList	Italy
IPList	Slovenia
IPList	Croatia
IPList	Angola
IPList	Namibia
IPList	Barbados
IPList	Cabo Verde
IPList	Guyana
IPList	French Guiana
IPList	Suriname
IPList	Paraguay
IPList	Uruguay
IPList	Brazil
IPList	Jamaica
IPList	Dominican Republic
IPList	Cuba
IPList	Martinique
IPList	Bahamas
IPList	Bermuda
IPList	Anguilla
IPList	Trinidad and Tobago
IPList	St Kitts and Nevis
IPList	Dominica
IPList	Antigua and Barbuda
IPList	Saint Lucia
IPList	Turks and Caicos Islands
IPList	Aruba
IPList	British Virgin Islands
IPList	St Vincent and Grenadines
IPList	Montserrat
IPList	Saint Martin
IPList	Saint Barthélemy
IPList	Guadeloupe
IPList	Grenada
IPList	Cayman Islands
IPList	Belize
IPList	El Salvador
IPList	Guatemala
IPList	Honduras
IPList	Nicaragua
IPList	Costa Rica
IPList	Venezuela
IPList	Ecuador
IPList	Colombia
IPList	Panama
IPList	Haiti
IPList	Argentina
IPList	Chile
IPList	Bolivia
IPList	Peru
IPList	Mexico
IPList	French Polynesia
IPList	Guam
IPList	Puerto Rico
IPList	U.S. Virgin Islands
IPList	Canada
IPList	United States
IPList	Serbia
IPList	Antarctica
IPList	Sint Maarten
IPList	Curaçao
IPList	Bonaire, Sint Eustatius, and Saba
IPList	TOR exit nodes IP Address List
IPList	Facebook Servers
IPList	TOR relay nodes IP Address List
IPList	Malicious Site IP Address List
IPList	NordVPN Servers IP Address List
Application	Facebook
Application	TOR
Application	NordVPN

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
In the Management Client, select Menu > File > Import > Import Update Packages.
Browse to the file, select it, then click Import.
Select Configuration, then browse to Administration > Other Elements > Updates.
Right-click the imported dynamic update package, then select Activate.
When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.