Release notes for update package 1870-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:	Thursday April 24, 2025
MD5 CHECKSUM:	e4154e84765acb01471811943b6d51eb
SHA1 CHECKSUM:	136b1ff4382acff760e069da56cc7503ef80adf8
SHA256 CHECKSUM:	d878921ea357a9417fa51107a8375d15e4d7718ff52a592f6c1b4ecfac5aa7de

UPDATE CRITICALITY: HIGH

MINIMUM SOFTWARE VERSIONS

- Forcepoint NGFW Security Management Center:	6.10.1.11125
- Forcepoint NGFW:	6.8.1.24103

List of detected attacks in this update package:

Risk level	Description	Reference	Vulnerability
High	An attempt to exploit a vulnerability in BentoML detected	CVE-2025-32375	BentoML-Runner-Server-RCE-CVE-2025-32375
High	An attempt to exploit a vulnerability in BentoML detected	CVE-2025-27520	BentoML-RCE-CVE-2025-27520
High	An attempt to exploit a vulnerability in WordPress Project Husky Products Filter Plugin detected	CVE-2025-1661	Wordpress-Husky-Products-Filter-Plugin-Local-File-Inclusion-CVE-2025-1661
High	An attempt to exploit a vulnerability in Fortinet FortiOS	CVE-2024-45324	Fortinet-Multiple-Products-Certificate-Import-Format-String-CVE-2024-45324

Jump to: Detected Attacks Other Changes

DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Fortinet-Multiple-Products-Certificate-Import-Format-String-CVE-2024-45324	CVE-2024-45324	HTTP_CS-Fortinet-Multiple-Products-Certificate-Import-Format-String-CVE-2024-45324	Suspected Compromise

HTTP Normalized Request-Line

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Wordpress-Husky-Products-Filter-Plugin-Local-File-Inclusion-CVE-2025-1661	CVE-2025-1661	HTTP_CRL-Wordpress-Husky-Products-Filter-Plugin-Local-File-Inclusion-CVE-2025-1661	Suspected Compromise

Text File Stream

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	BentoML-RCE-CVE-2025-27520	CVE-2025-27520	File-Text_BentoML-RCE-CVE-2025-27520	Suspected Compromise
High	BentoML-Runner-Server-RCE-CVE-2025-32375	CVE-2025-32375	File-Text_BentoML-Runner-Server-RCE-CVE-2025-32375	Suspected Compromise

Updated detected attacks:

DNS UDP Server Message

Risk

Vulnerability/Situation

References

Related Fingerprint

Situation Type

Change Description

High

ISC-Bind-Dname-RRSIG-Assertion-Failure-Denial-Of-Service

CVE-2016-1286

DNS-UDP_ISC-Bind-Dname-RRSIG-Assertion-Failure-Denial-Of-Service

Suspected Compromise

Detection mechanism updated

High

ISC-Bind-RRSIG-Record-Response-Assertion-Failure-Denial-Of-Service

CVE-2016-9147

DNS-UDP_ISC-Bind-RRSIG-Record-Response-Assertion-Failure-Denial-Of-Service

Suspected Compromise

Fingerprint regexp changed

High

Systemd-Resolved-DNS_Packet_Read_Type_Window-Infinite-Loop

CVE-2017-15908

DNS-UDP_Systemd-Resolved-DNS_Packet_Read_Type_Window-Infinite-Loop

Suspected Compromise

Detection mechanism updated

LIST OF OTHER CHANGES:

New objects:

Type	Name
Category	BentoML

Updated objects:

Type

Name

Changes

IPList

Iraq

IPList

Saudi Arabia

IPList

Iran

IPList

Cyprus

IPList

Armenia

IPList

Kenya

IPList

DR Congo

IPList

Djibouti

IPList

Uganda

IPList

Central African Republic

IPList

Seychelles

IPList

Jordan

IPList

Kuwait

IPList

Oman

IPList

Qatar

IPList

Bahrain

IPList

United Arab Emirates

IPList

Israel

IPList

Türkiye

IPList

Egypt

IPList

Greece

IPList

Latvia

IPList

Azerbaijan

IPList

Lithuania

IPList

Georgia

IPList

Moldova

IPList

Finland

IPList

Ukraine

IPList

North Macedonia

IPList

Hungary

IPList

Bulgaria

IPList

Albania

IPList

Poland

IPList

Romania

IPList

Kosovo

IPList

Zambia

IPList

Lesotho

IPList

Mauritius

IPList

South Africa

IPList

Afghanistan

IPList

Pakistan

IPList

Bangladesh

IPList

Turkmenistan

IPList

Sri Lanka

IPList

Bhutan

IPList

India

IPList

British Indian Ocean Territory

IPList

Myanmar

IPList

Uzbekistan

IPList

Kazakhstan

IPList

Kyrgyzstan

IPList

French Southern Territories

IPList

Heard and McDonald Islands

IPList

Vietnam

IPList

Thailand

IPList

Indonesia

IPList

Laos

IPList

Taiwan

IPList

Philippines

IPList

Malaysia

IPList

China

IPList

Hong Kong

IPList

Macao

IPList

South Korea

IPList

Japan

IPList

Singapore

IPList

Russia

IPList

Australia

IPList

Christmas Island

IPList

Norfolk Island

IPList

New Zealand

IPList

Portugal

IPList

Ivory Coast

IPList

Nigeria

IPList

Gibraltar

IPList

Chad

IPList

Western Sahara

IPList

Tunisia

IPList

Spain

IPList

Denmark

IPList

Iceland

IPList

United Kingdom

IPList

Switzerland

IPList

Sweden

IPList

The Netherlands

IPList

Austria

IPList

Belgium

IPList

Germany

IPList

Luxembourg

IPList

Ireland

IPList

Monaco

IPList

France

IPList

Liechtenstein

IPList

Isle of Man

IPList

Slovakia

IPList

Czechia

IPList

Norway

IPList

Italy

IPList

Slovenia

IPList

Montenegro

IPList

Namibia

IPList

Bouvet Island

IPList

Barbados

IPList

Greenland

IPList

Paraguay

IPList

Brazil

IPList

Jamaica

IPList

Dominican Republic

IPList

Martinique

IPList

Bahamas

IPList

Anguilla

IPList

Trinidad and Tobago

IPList

St Kitts and Nevis

IPList

Dominica

IPList

Antigua and Barbuda

IPList

Saint Lucia

IPList

Turks and Caicos Islands

IPList

British Virgin Islands

IPList

St Vincent and Grenadines

IPList

Guadeloupe

IPList

Grenada

IPList

Cayman Islands

IPList

Belize

IPList

Guatemala

IPList

Honduras

IPList

Costa Rica

IPList

Venezuela

IPList

Ecuador

IPList

Colombia

IPList

Panama

IPList

Argentina

IPList

Chile

IPList

Bolivia

IPList

Peru

IPList

Mexico

IPList

Northern Mariana Islands

IPList

Guam

IPList

Puerto Rico

IPList

U.S. Virgin Islands

IPList

American Samoa

IPList

Canada

IPList

United States

IPList

Serbia

IPList

Antarctica

IPList

TOR exit nodes IP Address List

IPList

Amazon AMAZON

IPList

Amazon EC2

IPList

Google Servers

IPList

TOR relay nodes IP Address List

IPList

Botnet IP Address List

IPList

Malicious Site IP Address List

IPList

NordVPN Servers IP Address List

IPList

Amazon AMAZON ca-central-1

IPList

Amazon EC2 ca-central-1

IPList

Amazon AMAZON eu-west-2

IPList

Amazon EC2 eu-west-2

IPList

Forcepoint Drop IP Address List

Situation

HTTP_CSU-Shared-Variables

Situation

HTTP_CSH-Shared-Variables

Situation

HTTP_CS-Shared-Variables-For-Client-Stream-Context

Fingerprint regexp changed

Application

TOR

Application

NordVPN

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
In the Management Client, select Menu > File > Import > Import Update Packages.
Browse to the file, select it, then click Import.
Select Configuration, then browse to Administration > Other Elements > Updates.
Right-click the imported dynamic update package, then select Activate.
When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.