Hub Appsec rule

More info

vpatch-CVE-2025-9316 AppSec Rule

« vpatch-CVE-2025-9316 »
v0.1 by crowdsecurity
AppSec rule

Detects unauthenticated session ID generation in N-central via ServerUI SOAP endpoint.

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2025-9316

YAML Configuration

1## autogenerated on 2025-12-17 15:02:23
2name: crowdsecurity/vpatch-CVE-2025-9316
3description: 'Detects unauthenticated session ID generation in N-central via ServerUI SOAP endpoint.'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10        match:
11          type: contains
12          value: /dms/services/serverui
13      - zones:
14          - RAW_BODY
15        transform:
16          - lowercase
17        match:
18          type: contains
19          value: '<sessionhello>'
20
21labels:
22  type: exploit
23  service: http
24  confidence: 3
25  spoofable: 0
26  behavior: 'http:exploit'
27  label: 'N-central - Authentication Bypass'
28  classification:
29    - cve.CVE-2025-9316
30    - attack.T1190
31    - cwe.CWE-287
32

Hub Appsec rule

« vpatch-CVE-2025-9316 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2025-9316 »
v0.1 by crowdsecurity
AppSec rule