This release includes two new Rapid Response risks for ASM and a new software fingerprint for all datasets.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.

New fingerprints

Type: risk
Name: Vulnerable CrushFTP [CVE-2025-2825, CVE-2025-31161]
Description: CrushFTP contains an unauthenticated authentication bypass vulnerability. This affects CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. There are two CVE-IDs because the original CVE-2025-2825 was assigned by VulnCheck, but the vendor has identified the CVE-ID as CVE-2025-31161.
Query: ASM query

Type: risk
Name: Vulnerable Ivanti Connect Secure Application [CVE-2025-22457]
Description: This Ivanti Connect Secure (before 22.7R2.6) application is vulnerable to CVE-2025-22457. This vulnerability allows an unauthenticated attacker to achieve remote code execution.
Query: ASM query

Type: software
Name: Medsynapse PACS
Description: Medsynapse PACS is a web-based picture archiving and communication system (PACS) for transfer of medical images within and outside hospitals.
Query: Platform query, Legacy Search query

An RSS feed for the Censys changelog is available here.

This release includes Collections for the Platform and risk evidence for ASM.

For product updates from before April 2, 2025, please refer to the product updates section of the Censys Community.

Censys Platform

  • Use Collections to track and monitor the results of a Censys query over time. 
    • Save time and resources by creating a collection and configuring alerts to track new assets that match your queries. 
    • Collections track both additions and subtractions to assets that match your queries.
    • Configure collection webhooks to receive real-time alerts for any changes within your collections.
    • Collections are currently available to Platform Starter users.
    • Learn more about Collections in the Censys Academy.

Censys ASM

  • Use risk evidence to understand how Censys ASM detected a risk and determine whether a risk requires further validation before it is prioritized for remediation. 
    • Risk evidence links directly to the scan data that contains the evidence for the risk. This enables you to accelerate your investigations and use Censys data to find and close risks faster.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.

New protocols

Added support for the following protocols.

Protocol: CHECK_MK_AGENT
Query: Platform query

Protocol: NATS_IO
Query: Platform query

New fingerprints

Added the following fingerprints.

Type: risk
Name: Exposed Kubernetes Ingress NGINX Admission Controller
Description: The affected service exposes a Kubernetes Ingress NGINX Admission Controller. This controller is vulnerable to multiple critical unauthenticated Remote Code Execution vulnerabilities collectively known as "IngressNightmare" (CVE-2025-1974, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-24513). Exploitation can lead to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in complete cluster takeover.
Query: ASM query

Type: risk
Name: Vulnerable Next.js [CVE-2025-29927]
Description: Next.js contains a vulnerability that could allow an attacker to execute arbitrary code through a specially crafted request. This affects versions 11.1.4 through 12.3.5, 13.0.0 through 13.5.9, 14.0.0 through 14.2.25, and 15.0.0 through 15.2.3.
Query: ASM query
