September 15, 2025

Summary

Platform

Adversary Investigation

New protocol and application scanners

Added scanners for the following services.

Protocol/applicationQuery
CRESTRON_OVER_IPPlatform query
MIKROTIK_WINBOXPlatform query

New fingerprints

Added the following fingerprints.

TypeNameDescriptionQuery
riskVulnerable SAP NetWeaver AS Java [CVE-2025-42922]SAP NetWeaver AS Java (Deploy Web Service component), versions under J2EE-APPS 7.50, is vulnerable to an insecure file operations issue. The flaw allows an attacker with non-administrative authenticated access to upload arbitrary files through the deployment web service. Once an uploaded file is executed, the attacker may achieve full system compromise.ASM risk query:
risks.name: `Vulnerable SAP NetWeaver AS Java [CVE-2025-42922]`
riskVulnerable Sitecore Experience Platform [CVE-2025-53690]Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) versions through 9.0.2 are affected by a critical deserialization vulnerability tracked as CVE-2025-53690. This vulnerability allows remote attackers to inject arbitrary code through deserialization of untrusted data, potentially leading to remote code execution.ASM risk query:
risks.name: `Vulnerable Sitecore Experience Platform [CVE-2025-53690]`