June 30, 2025

Five new hardware and software fingerprints and three new risks for ASM.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issue.

New fingerprints

Added the following fingerprints.

| Type | Name | Description | Query |
| --- | --- | --- | --- |
| hardware | Planet Router | This is a Planet Technology Corporation router or network device. | Platform query |
| software | Wordpress Plugin - Rank Math SEO | A very popular search engine optimization plugin for WordPress. | Platform query |
| software | wordpress-plugin-wp-rocket | A WordPress performance plugin that speeds up websites with caching. | Platform query |
| software | wordpress-plugin-wpforms | A WordPress plugin associated with POST forms. | Platform query |
| software | Wordpress Plugin - Yoast SEO | A search engine optimization plugin for WordPress. | Platform query |
| risk | Vulnerable Citrix Netscaler Application [CVE-2025-6543] | This device is vulnerable to CVE-2025-6543, a memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, potentially leading to remote code execution. | ASM risk query: risks.name: `Vulnerable Citrix Netscaler Application [CVE-2025-6543]` |
| risk | Vulnerable Citrix Netscaler Application [CVE-2025-5349, CVE-2025-5777] | This device is vulnerable to CVE-2025-5349, which involves improper access control on the NetScaler Management Interface, and CVE-2025-5777, which results from insufficient input validation leading to memory overread. Successful exploitation of CVE-2025-5349 may allow unauthorized changes or lateral movement within the network, while CVE-2025-5777 could enable attackers to read sensitive memory contents such as session tokens or credentials by hijacking sessions. | ASM risk query: risks.name: `Vulnerable Citrix Netscaler Application [CVE-2025-5349, CVE-2025-5777]` |
| risk | Vulnerable Sitecore Experience Platform [CVE-2025-34509] | Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated, remote attackers can use this account to access the administrative API over HTTP [CVE-2025-34509]. We cannot detect the revision number of the software, so this risk is medium confidence and assumes 10.4.1/10.3.3/10.1.4 are vulnerable. | ASM risk query: risks.name: `Vulnerable Sitecore Experience Platform [CVE-2025-34509]` |