Summary

New software fingerprints for HPE OneView and Hack the Box.
New ASM risk fingerprints for SmarterMail services vulnerable to CVE-2025-52691, exposed HPE OneView services, unauthenticated ZeroMQ services, and unauthenticated NATS services.
Added support for ingesting and excluding cloud resources from the AWS ap-east-2, ap-southeast-7, and ap-southeast-6 regions when using the ASM AWS Cloud Connector.
One new Rapid Response advisory and queries for SmarterMail CVE-2025-52691.

ASM

ASM users can now configure their AWS Cloud Connectors to ingest or exclude cloud resources from the ap-east-2, ap-southeast-7, and ap-southeast-6 regions.

The Censys Rapid Response team published information about and queries for the following issue.

Added the following fingerprints.

Type	Name	Description	Query
software	HPE OneView	This is an HPE OneView infrastructure management platform.	Platform query
software	Hack the Box	This is a Hack the Box service or endpoint.	Platform query
risk	Unauthenticated NATS Service	A NATS messaging system is exposed without authentication. This allows unauthenticated clients to publish messages to subjects and subscribe to subjects to receive published messages, potentially exposing sensitive data or allowing unauthorized data manipulation.	ASM risk query: risks.name: `Unauthenticated NATS Service`
risk	Unauthenticated ZeroMQ Service	A ZeroMQ service is exposed without authentication. ZeroMQ services allow unauthenticated clients to connect and interact with the messaging system, which introduces a risk of unintended data exposure or manipulation.	ASM risk query: risks.name: `Unauthenticated ZeroMQ Service`
risk	Vulnerable SmarterMail [CVE-2025-52691]	This SmarterMail server is running a build version vulnerable to CVE-2025-52691, an arbitrary file upload vulnerability that allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. Build versions 9406 and earlier are vulnerable.	ASM risk query: risks.name: `Vulnerable SmarterMail [CVE-2025-52691]`
risk	Exposed HPE OneView	An HPE OneView infrastructure management application is exposed to the Internet.	ASM risk query: risks.name: `Exposed HPE OneView`