Release notes for update package 1947-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:	Wednesday October 29, 2025
MD5 CHECKSUM:	0aaf577bde5538c46c3c1b3c83687bd3
SHA1 CHECKSUM:	49c76f47fdf8f5bac6bf6a5ca3d32c2b76058a72
SHA256 CHECKSUM:	1946302588db415c54bcb18629cdc216e0338f9c8d859584aa99316096df06e0

UPDATE CRITICALITY: HIGH

MINIMUM SOFTWARE VERSIONS

- Forcepoint NGFW Security Management Center:	6.10.1.11125
- Forcepoint NGFW:	6.8.1.24103

List of detected attacks in this update package:

Risk level	Description	Reference	Vulnerability
High	A possible attempt to exploit a vulnerability in Windows Server Update Service	CVE-2025-59287	Windows-Server-Update-Service-Remote-Code-Execution-CVE-2025-59287
High	An attempt to exploit a vulnerability in Zabbix	CVE-2025-27240	Zabbix-Visible-Name-SQL-Injection-CVE-2025-27240

Jump to: Detected Attacks Other Changes

DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Zabbix-Visible-Name-SQL-Injection-CVE-2025-27240	CVE-2025-27240	HTTP_CS-Zabbix-Visible-Name-SQL-Injection-CVE-2025-27240	Suspected Compromise

Identified Text File Stream

Risk	Vulnerability/Situation	References	Related Fingerprint	Situation Type
High	Windows-Server-Update-Service-Remote-Code-Execution-CVE-2025-59287	CVE-2025-59287	File-TextId_WSUS-Remote-Code-Execution-CVE-2025-59287-Vulnerable-Component-Access	Suspected Compromise

Updated detected attacks:

Identified Text File Stream

Risk

Vulnerability/Situation

References

Related Fingerprint

Situation Type

Change Description

High

Windows-Server-Update-Service-Remote-Code-Execution-CVE-2025-59287

CVE-2025-59287

File-TextId_Windows-Server-Update-Service-Remote-Code-Execution-CVE-2025-59287

Suspected Compromise

Detection mechanism updated

LIST OF OTHER CHANGES:

New objects:

Type	Name
Category	Juniper

Updated objects:

Type

Name

Changes

Situation

Generative AI - Text and Code

Name: Generative AI - Text & Code->Generative AI - Text and Code

Situation

HTTP_CSH-Shared-Variables

Situation

HTTP_PSU-Shared-Variables

Fingerprint regexp changed

Application

Facebook

Application

TOR

Application

Amazon-WorkSpaces

Application detection context content changed

Application Port "tcp/443 tls: mandatory" -> "tcp/443 tls: free"

Application Port "tcp/4172 tls: no" -> "tcp/4172 tls: free"

Application Port "tcp/4195 tls: no" -> "tcp/4195 tls: free"

Application Port "udp/4172 tls: no" -> "udp/4172 tls: free"

Application Port "udp/4195 tls: no" -> "udp/4195 tls: free"

TLS Match identification changed from true to false

Application

DNS-Over-HTTPS

Application

NordVPN

Category

Juniper ScreenOS

Situation

URL_List-DNS-Over-HTTPS

Detection mechanism updated

IPList

Rwanda

IPList

Somalia

IPList

Yemen

IPList

Iraq

IPList

Saudi Arabia

IPList

Iran

IPList

Cyprus

IPList

Tanzania

IPList

Syria

IPList

Armenia

IPList

Kenya

IPList

DR Congo

IPList

Djibouti

IPList

Uganda

IPList

Central African Republic

IPList

Seychelles

IPList

Jordan

IPList

Lebanon

IPList

Kuwait

IPList

Oman

IPList

Qatar

IPList

Bahrain

IPList

United Arab Emirates

IPList

Israel

IPList

Türkiye

IPList

Ethiopia

IPList

Eritrea

IPList

Egypt

IPList

Sudan

IPList

Greece

IPList

Burundi

IPList

Estonia

IPList

Latvia

IPList

Azerbaijan

IPList

Lithuania

IPList

Svalbard and Jan Mayen

IPList

Georgia

IPList

Moldova

IPList

Belarus

IPList

Finland

IPList

Åland Islands

IPList

Ukraine

IPList

North Macedonia

IPList

Hungary

IPList

Bulgaria

IPList

Albania

IPList

Poland

IPList

Romania

IPList

Zimbabwe

IPList

Zambia

IPList

Comoros

IPList

Malawi

IPList

Lesotho

IPList

Botswana

IPList

Mauritius

IPList

Eswatini

IPList

Réunion

IPList

South Africa

IPList

Mayotte

IPList

Mozambique

IPList

Madagascar

IPList

Afghanistan

IPList

Pakistan

IPList

Bangladesh

IPList

Turkmenistan

IPList

Tajikistan

IPList

Sri Lanka

IPList

Bhutan

IPList

India

IPList

Maldives

IPList

British Indian Ocean Territory

IPList

Nepal

IPList

Myanmar

IPList

Uzbekistan

IPList

Kazakhstan

IPList

Kyrgyzstan

IPList

French Southern Territories

IPList

Heard and McDonald Islands

IPList

Cocos (Keeling) Islands

IPList

Palau

IPList

Vietnam

IPList

Thailand

IPList

Indonesia

IPList

Laos

IPList

Taiwan

IPList

Philippines

IPList

Malaysia

IPList

China

IPList

Hong Kong

IPList

Brunei

IPList

Macao

IPList

Cambodia

IPList

South Korea

IPList

Japan

IPList

North Korea

IPList

Singapore

IPList

Cook Islands

IPList

Timor-Leste

IPList

Russia

IPList

Mongolia

IPList

Australia

IPList

Christmas Island

IPList

Marshall Islands

IPList

Federated States of Micronesia

IPList

Papua New Guinea

IPList

Solomon Islands

IPList

Tuvalu

IPList

Nauru

IPList

Vanuatu

IPList

New Caledonia

IPList

Norfolk Island

IPList

New Zealand

IPList

Fiji

IPList

Libya

IPList

Cameroon

IPList

Senegal

IPList

Congo Republic

IPList

Portugal

IPList

Liberia

IPList

Ivory Coast

IPList

Ghana

IPList

Equatorial Guinea

IPList

Nigeria

IPList

Burkina Faso

IPList

Togo

IPList

Guinea-Bissau

IPList

Mauritania

IPList

Benin

IPList

Gabon

IPList

Sierra Leone

IPList

São Tomé and Príncipe

IPList

Gibraltar

IPList

Gambia

IPList

Guinea

IPList

Chad

IPList

Niger

IPList

Mali

IPList

Western Sahara

IPList

Tunisia

IPList

Spain

IPList

Morocco

IPList

Malta

IPList

Algeria

IPList

Faroe Islands

IPList

Denmark

IPList

Iceland

IPList

United Kingdom

IPList

Switzerland

IPList

Sweden

IPList

The Netherlands

IPList

Austria

IPList

Belgium

IPList

Germany

IPList

Luxembourg

IPList

Ireland

IPList

Monaco

IPList

France

IPList

Andorra

IPList

Liechtenstein

IPList

Jersey

IPList

Isle of Man

IPList

Guernsey

IPList

Slovakia

IPList

Czechia

IPList

Norway

IPList

Vatican City

IPList

San Marino

IPList

Italy

IPList

Slovenia

IPList

Montenegro

IPList

Croatia

IPList

Bosnia and Herzegovina

IPList

Angola

IPList

Namibia

IPList

Saint Helena

IPList

Bouvet Island

IPList

Barbados

IPList

Cabo Verde

IPList

Guyana

IPList

French Guiana

IPList

Suriname

IPList

Saint Pierre and Miquelon

IPList

Greenland

IPList

Paraguay

IPList

Uruguay

IPList

Brazil

IPList

Falkland Islands

IPList

South Georgia and the South Sandwich Islands

IPList

Jamaica

IPList

Dominican Republic

IPList

Cuba

IPList

Martinique

IPList

Bahamas

IPList

Bermuda

IPList

Anguilla

IPList

Trinidad and Tobago

IPList

St Kitts and Nevis

IPList

Dominica

IPList

Antigua and Barbuda

IPList

Saint Lucia

IPList

Turks and Caicos Islands

IPList

Aruba

IPList

British Virgin Islands

IPList

St Vincent and Grenadines

IPList

Montserrat

IPList

Saint Martin

IPList

Saint Barthélemy

IPList

Guadeloupe

IPList

Grenada

IPList

Cayman Islands

IPList

Belize

IPList

El Salvador

IPList

Guatemala

IPList

Honduras

IPList

Nicaragua

IPList

Costa Rica

IPList

Venezuela

IPList

Ecuador

IPList

Colombia

IPList

Panama

IPList

Haiti

IPList

Argentina

IPList

Chile

IPList

Bolivia

IPList

Peru

IPList

Mexico

IPList

French Polynesia

IPList

Pitcairn Islands

IPList

Kiribati

IPList

Tokelau

IPList

Tonga

IPList

Wallis and Futuna

IPList

Samoa

IPList

Niue

IPList

Northern Mariana Islands

IPList

Guam

IPList

Puerto Rico

IPList

U.S. Virgin Islands

IPList

U.S. Outlying Islands

IPList

American Samoa

IPList

Canada

IPList

United States

IPList

Palestine

IPList

Serbia

IPList

Antarctica

IPList

Sint Maarten

IPList

Curaçao

IPList

Bonaire, Sint Eustatius, and Saba

IPList

South Sudan

IPList

TOR exit nodes IP Address List

IPList

Amazon AMAZON

IPList

Amazon S3

IPList

Amazon EC2

IPList

Facebook Servers

IPList

Google Servers

IPList

Microsoft Azure datacenter for brazilsouth

IPList

TOR relay nodes IP Address List

IPList

Microsoft Azure datacenter for centralindia

IPList

Microsoft Azure datacenter for centralus

IPList

Microsoft Azure datacenter for eastus2

IPList

Microsoft Azure datacenter for eastus

IPList

Microsoft Azure datacenter for centralfrance

IPList

Microsoft Azure datacenter for northcentralus

IPList

Microsoft Azure datacenter for northeurope

IPList

Microsoft Azure datacenter for southcentralus

IPList

Microsoft Azure datacenter for westeurope

IPList

Microsoft Azure datacenter for westus2

IPList

Microsoft Azure datacenter for westus

IPList

Microsoft Azure datacenter

IPList

Amazon AMAZON af-south-1

IPList

Amazon EC2 af-south-1

IPList

Amazon AMAZON ap-east-1

IPList

Amazon EC2 ap-east-1

IPList

Amazon AMAZON ap-south-2

IPList

Amazon EC2 ap-south-2

IPList

Amazon AMAZON ap-northeast-1

IPList

Amazon EC2 me-central-1

IPList

Amazon AMAZON me-central-1

IPList

Amazon EC2 ap-northeast-1

IPList

Amazon AMAZON eu-south-2

IPList

Amazon EC2 eu-south-2

IPList

Amazon AMAZON eu-central-2

IPList

Amazon EC2 eu-central-2

IPList

Amazon AMAZON il-central-1

IPList

Amazon AMAZON ap-northeast-2

IPList

Amazon S3 ap-northeast-2

IPList

Amazon EC2 ap-northeast-2

IPList

Amazon EC2 il-central-1

IPList

Okta IP Address List

IPList

Amazon AMAZON ap-northeast-3

IPList

Amazon EC2 ap-northeast-3

IPList

Botnet IP Address List

IPList

Malicious Site IP Address List

IPList

Amazon AMAZON ap-southeast-6

IPList

Amazon EC2 ap-southeast-6

IPList

Amazon AMAZON ap-south-1

IPList

Amazon EC2 ap-south-1

IPList

Microsoft Azure datacenter for indonesiacentral

IPList

Amazon AMAZON ap-southeast-1

IPList

Amazon EC2 ap-southeast-1

IPList

NordVPN Servers IP Address List

IPList

Amazon AMAZON ap-southeast-2

IPList

Amazon EC2 ap-southeast-2

IPList

Amazon AMAZON ca-central-1

IPList

Amazon S3 ca-central-1

IPList

Amazon EC2 ca-central-1

IPList

Amazon AMAZON cn-north-1

IPList

Amazon EC2 cn-north-1

IPList

Amazon EC2 sa-west-1

IPList

Amazon AMAZON sa-west-1

IPList

Amazon AMAZON cn-northwest-1

IPList

Amazon EC2 cn-northwest-1

IPList

Amazon AMAZON eu-central-1

IPList

Amazon S3 eu-central-1

IPList

Amazon EC2 eu-central-1

IPList

Amazon AMAZON eu-north-1

IPList

Amazon EC2 eu-north-1

IPList

Amazon AMAZON ap-southeast-5

IPList

Amazon AMAZON eu-west-1

IPList

Amazon EC2 ap-southeast-5

IPList

Amazon EC2 eu-west-1

IPList

Amazon AMAZON eu-west-2

IPList

Amazon EC2 eu-west-2

IPList

Amazon AMAZON eu-west-3

IPList

Amazon EC2 eu-west-3

IPList

Amazon AMAZON me-south-1

IPList

Amazon EC2 me-south-1

IPList

Amazon AMAZON sa-east-1

IPList

Amazon EC2 sa-east-1

IPList

Amazon AMAZON us-east-1

IPList

Amazon EC2 us-east-1

IPList

Amazon AMAZON us-east-2

IPList

Amazon EC2 us-east-2

IPList

Forcepoint Drop IP Address List

IPList

Microsoft Azure service for Scuba

IPList

Amazon AMAZON us-gov-east-1

IPList

Amazon EC2 us-gov-east-1

IPList

Amazon AMAZON us-gov-west-1

IPList

Amazon EC2 us-gov-west-1

IPList

Amazon AMAZON us-west-1

IPList

Amazon EC2 us-west-1

IPList

Amazon AMAZON us-west-2

IPList

Amazon EC2 us-west-2

IPList

Amazon AMAZON eu-south-1

IPList

Amazon EC2 eu-south-1

IPList

Amazon AMAZON ap-southeast-3

IPList

Amazon EC2 ap-southeast-3

IPList

Microsoft Azure datacenter for germanyn

IPList

GitHub Actions IP Address List

IPList

Microsoft Azure service for AzureCloud

IPList

Amazon AMAZON ap-east-2

IPList

Amazon AMAZON mx-central-1

IPList

Microsoft Azure service for AzureMonitor

IPList

Amazon AMAZON ap-southeast-7

IPList

Amazon EC2 ap-southeast-7

IPList

Amazon EC2 mx-central-1

IPList

Amazon EC2 ap-east-2

IPList

Microsoft Azure datacenter for westus3

IPList

Amazon EC2 ap-southeast-4

IPList

Amazon AMAZON ap-southeast-4

IPList

Microsoft Azure datacenter for austriaeast

IPList

Microsoft Azure datacenter for israelcentral

IPList

Microsoft Azure datacenter for italynorth

IPList

Microsoft Azure datacenter for spaincentral

IPList

Amazon CLOUDFRONT_ORIGIN_FACING

IPList

Amazon AMAZON ca-west-1

IPList

Amazon EC2 ca-west-1

IPList

Oracle Services Network us-ashburn-1

IPList

Google Cloud IP Address List for europe-central2

IPList

Google Cloud IP Address List for europe-west6

IPList

Google Cloud IP Address List for us-central1

IPList

Amazon EC2 me-west-1

IPList

Microsoft Azure datacenter for southcentralus2

IPList

Amazon AMAZON me-west-1

IPList

WeChat IP Address List

IPList

OpenAI ChatGPT User Servers

IPList

Google User Triggered Fetcher Servers

IPList

Microsoft Azure datacenter for southeastus3

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
In the Management Client, select Menu > File > Import > Import Update Packages.
Browse to the file, select it, then click Import.
Select Configuration, then browse to Administration > Other Elements > Updates.
Right-click the imported dynamic update package, then select Activate.
When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.