January 5, 2026
Summary
- New software fingerprints for HPE OneView and Hack the Box.
- New ASM risk fingerprints for SmarterMail services vulnerable to CVE-2025-52691, exposed HPE OneView services, unauthenticated ZeroMQ services, and unauthenticated NATS services.
- Added support for ingesting and excluding cloud resources from the AWS ap-east-2, ap-southeast-7, and ap-southeast-6 regions when using the ASM AWS Cloud Connector.
- One new Rapid Response advisory and queries for SmarterMail CVE-2025-52691.
ASM
- ASM users can now configure their AWS Cloud Connectors to ingest or exclude cloud resources from the ap-east-2, ap-southeast-7, and ap-southeast-6 regions.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issue.
- SmarterMail Unauthenticated Arbitrary File Upload Vulnerability Allows RCE [CVE-2025-52691]
  - The following queries can be used to identify exposed and potentially vulnerable hosts.
New fingerprints
Added the following fingerprints.
| Type | Name | Description | Query |
|---|---|---|---|
| software | HPE OneView | This is an HPE OneView infrastructure management platform. | Platform query |
| software | Hack the Box | This is a Hack the Box service or endpoint. | Platform query |
| risk | Unauthenticated NATS Service | A NATS messaging system is exposed without authentication. This allows unauthenticated clients to publish messages to subjects and subscribe to subjects to receive published messages, potentially exposing sensitive data or allowing unauthorized data manipulation. | ASM risk query: |
| risk | Unauthenticated ZeroMQ Service | A ZeroMQ service is exposed without authentication. ZeroMQ services allow unauthenticated clients to connect and interact with the messaging system, which introduces a risk of unintended data exposure or manipulation. | ASM risk query: |
| risk | Vulnerable SmarterMail [CVE-2025-52691] | This SmarterMail server is running a build version vulnerable to CVE-2025-52691, an arbitrary file upload vulnerability that allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. Build versions 9406 and earlier are vulnerable. | ASM risk query: |
| risk | Exposed HPE OneView | An HPE OneView infrastructure management application is exposed to the Internet. | ASM risk query: |
