Acunetix v25.12 Release News - Version Update Announcement | 新永資訊有限公司

Software Update Information

Acunetix v25.12 Release News - Version Update Announcement

Update News
 
  • Acunetix v25.12.12 - 11 March 2026

    Security checks

    • Updated the vulnerability database (VDB) to version 20260310
    • Improved technology detection
    • Updated severity ratings for Chamilo versions 1.10.0, 1.10.2, 1.10.4, 1.10.6, 1.10.8, 1.11.26, 1.8.6.1, 1.8.8.3, 1.9.0, 1.9.10, 1.9.10.2, 1.9.10.4, 1.9.6, 1.9.6.1, 1.9.8, 1.9.8.1, 1.9.8.2 from High to Critical
    • Updated severity rating for Chamilo version 1.11.24 from Medium to Critical
    • Updated severity ratings for Craft CMS versions 4.15.6.2, 4.16.17, 4.16.18, 4.16.19, 4.4.14, 4.5.6.1, 5.6.16, 5.7.1.1, 5.8.21, 5.8.22, 5.8.23 from High to Critical
    • Updated severity ratings for DotCMS versions 22.03, 22.03.2, 22.03.4, 22.03.5, 22.03.6, 22.03.7, 22.03.8, 22.03.9, 22.03.10, 22.03.11, 22.03.12, 22.03.13, 22.03.14, 22.03.15, 23.01.1, 23.01.2, 23.01.3, 23.01.4, 23.01.5, 23.01.6, 23.01.7, 23.01.8, 23.01.9, 23.01.10, 23.01.11, 23.01.12, 23.01.13, 23.01.14, 23.01.15, 23.01.16, 23.01.17, 23.10.24.0 from Medium to Critical
    • Updated severity ratings for EspoCRM versions 2.6.0, 2.7.0, 2.7.1, 2.7.2, 2.8.0, 2.8.1, 2.9.0, 2.9.1, 2.9.2, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.6.0, 4.7.0, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.9, 5.7.10, 5.7.11, 5.8.0, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5 from High to Critical
    • Updated severity ratings for osCommerce versions 1.0.6.0, 1.0.7.0, 1.0.7.1, 1.0.7.2, 1.0.7.3, 1.0.7.4, 1.0.7.5, 1.0.7.6, 1.0.7.7, 1.0.7.8, 1.0.7.9, 1.1, 1.11, 1.12, 1.13, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.3.1, 2.3.3.2, 2.3.3.3, 2.3.3.4, 2.3.4 from Medium to High
  • Acunetix v25.11 - 14 November 2025

    Improvements

    • Added support for tracking session tokens in URL Parameters in DAST scans
    • Updated LSR to use configured custom cookies
    • Added support for Custom Namespaces in WSDL specifications
    • Improved support for web applications that return 429 responses during the DAST scan
    • Improved processing of Path Fragments discovered by Deepscan
    • Improved handling of sitemaps
    • Upgraded Python to v3.13.6
    • Upgraded to PostgreSQL 17.6 for Acunetix on-premises

    Resolved issues

    • Fixed false positives from “PII without authentication” scripts
    • API documentation is now properly reachable in the most recent on-premise version
  • Acunetix v25.8.2 - 17 September 2025

    Security Checks

    • Added the “JWT authentication bypass with LSR” check
    • Upgraded Vulnerability Database (VDB) to version 20250916
    • Upgraded Vulnerability Database (VDB) version to 20250909

    Fix

    • Fixed OWASP 2021 classifications for multiple reports
  • Acunetix v25.7.0 - 05 August 2025

    Security Checks

    • Added check for Microsoft SharePoint authentication bypass vulnerability (CVE-2025-53770)

    Improvements

    • Updated browser to use third-party cookies when available
    • Improved web form filler to better cater for inputs with ranges
    • Updated engine to better reflect scan progress
    • Upgraded to PostgreSQL 17 for Acunetix On-Premises
  • Acunetix v25.5.2 - 09 July 2025

    Security Checks

    • Added a new security check for Weak ViewState Key
    • Added a new check to detect PAN-OS XSS (CVE-2025-0133)
    • Added a new check to detect Citrix NetScaler Memory Disclosure (CitrixBleed 2) (CVE-2025-5777)
    • Upgraded Vulnerability Database (VDB) version to 20250708

    Improvements

    • Updated Open Redirect to increase coverage
  • Acunetix v25.5.1 - 27 June 2025

    New Security Checks

    • Added a new check to detect Grafana Open Redirect (CVE-2025-4123)

    Improvements

    • Updated Secret Token detection to increase coverage
    • Updated detection of DB connection in JSON fields
    • Updated DeepScan for more prop extraction
    • Added a new check to detect Prototype Pollution (Server-Side)
    • Updated dompurify to detect more vulnerabilities
    • Updated iframe injection detection on dom-based vulnerabilities
    • Updated XPath injection for better coverage
  • Acunetix v25.5.0 - 17 June 2025

    New Features

    • Added support for Java IAST Sensor running on WebLogic

    New security checks

    • Added JWT auth bypass for API
    • Added SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324)
    • Added detection for Craft CMS Remote Code Execution (CVE-2025-32432)
    • Added check for missing X-Content-Type-Options header
    • Detection for Craft CMS Remote Code Execution vulnerability (CVE-2025-32432)

    Improvements

    • Added regex to enhance detection of Stack Trace Disclosure in Django apps
    • Improved detection of JWTs signed with weak secrets
    • Added new security check for exposed nginx.conf and .htaccess files to enhance vulnerability detection
    • LDAP Injection detection added
    • Added detection for PII (Personally Identifiable Information) disclosure vulnerabilities
    • New detection for database connection strings in JSON responses to improve sensitive data exposure coverage
    • Scanner updated to support scanning targets with NTLM Authentication from Linux

    Resolved issues

    • Fixed false positive for Cleo Harmony/VLTrader/LexiCom RCE detection
    • Corrected version comparison logic in “Scripts\WebApps\drupal_3.script”
  • Acunetix v25.1.1 - 07 Feb 2025

    Resolved issues

    • Fixed a false positive causing EspoCRM tech to be reported unexpectedly
    • Acunetix v25.1.0 - 04 Feb 2025

      New Security Checks

      • Added a check for Craft CMS Development Mode enabled.
      • Added a check for Craft CMS register_argc_argv RCE (CVE-2024-56145).
      • Added a check for Apple’s App-Site Association (AASA) file.
      • Added new checks for API9:2023 Improper Inventory Management.
      • Added new checks for API10:2023 Unsafe Consumption of APIs.
      • Added new checks for API2:2023 Broken Authentication.

      New Features

      • Added support for scanning web applications using Smart Card Authentication.

      Improvements

      • Improved detection of Microsoft SQL Server as a technology.
      • Improved detection of XSS.
      • Updated the severity of some vulnerabilities to better reflect their impact.
      • Improved detection of weak passwords.
      • Improved detection of SQL Injection.
      • Updated scanner to never downgrade from HTTPS to HTTP.

      Resolved issues

      • Improvement to launching Chromium on Windows 10 build 14393.
    • Acunetix v24.12.0 - 16 Dec 2024

      New Security Checks

      • Added Palo Alto PAN-OS RCE (CVE-2024-0012/CVE-2024-9474)
      • Added Sitecore AFR (CVE-2024-46938)
      • Added a security check for CVE-2024-51567 / CVE-2024-51568 / CVE-2024-51378
      • Added a fix for Acunetix’s incorrect detection of Drupal versions, where the script read the version correctly but compared it improperly

      Improvements

      • The engine now uses Chromium 131 for scanning
      • The engine now leverages headers from all import files, incl. Postman collections
      • The engine now supports using host and path from Postman collections
      • Users can see clearly if OTP is not configured inside the Login Sequence Recorder

      Fixes

      • Fixed an issue where, in rare cases, the LSR failed to correctly add session data
      • Fixed an issue where GraphQL imports could fail in certain edge cases
    • Acunetix v24.10.241106172 - 07 Nov 2024

      Improvements

      • Improved detection of Microsoft SQL Server as a technology
      • Improved detection of XSS
      • Updated the severity of some vulnerabilities to better reflect their impact
      • Improved detection of weak passwords
      • Improved detection of Blind XSS
    • Acunetix v24.9.241015145 - 17 Oct 2024

      New Security Checks

      • Added check for CVE-2024-6842

      Improvements

      • Upgraded to OpenSSL
      • Updates to technologies and fingerprints
    • Acunetix v24.9.240918130 - 19 Sep 2024

      This release build is currently only available for Acunetix On-Premises

       

      New Security Check

      Improvements

      • Updated Chromium to v128.0.3316.119/.120
      • The scanner now supports GraphQL when described in introspection JSON
      • The upgraded Scan Details page is now enabled for On-Premises customers as well
      • Using API Discovery On-Premises, the admin can specify a destination URL for the Network Traffic Analyzer con

      Fixes

      • Fixed a false positive in the Solr Injection check
      • Resolved a rare case where the vulnerability detail was not loading properly on the new Scan Details page
      • Runtime SCA PDF reports are now being generated correctly
      • The scan end timestamp is now loading properly on the new Scan Details page
    • Acunetix v24.8.240903137 - 04 Sep 2024

      Fixes

      • Fixes on the HTTP/2 Handler
    • Acunetix v24.7.1 - 24 Jul 2024

      New Security Checks

      • Added detection for Mura Masa SQLi (CVE-2024-32640)

      Fixes

      • Fixed a False Positive on the ‘Broken access control in Confluence Server and Data Center’ vulnerability (CVE-2023-22515)
    • Acunetix v24.7.0 - 16 Jul 2024

      New Features

      • Invicti API Security: multi-layered API discovery to enable comprehensive identification of known and undocumented APIs

      New Security Checks

      Improvements

      • Scanner: Improved processing of large files
      • Added support for HTTP/2 requests in Burp state import files
      • .NET IAST Sensor: Added support for Engine.Razor functions
      • Improved XFS checks
      • Improvements to the new Scan Detail page (Early Access)

      Fixes

      • Minor UI/UX fixes across the application
    • Acunetix v24.6.1 - 02 Jul 2024

      Security Checks

      Fixes

      • Fixed an issue with the Discovery service in On-Premises environments
    • Acunetix v24.5.240529155 - 30 May 2024

      New Features

      • Added the ability to link an API definition URL for adding paths to a target before scanning. Read more about how to add paths to targets and how this helps scanning.

      New Security Checks

      Improvements

      • Fixed the password reset tool for Windows for Acunetix On-Premises
      • .NET Core IAST Sensor: Removed dependency on NLog
      • Various improvements in Deepscan, lessening the time to process pages / SPAs
      • Deepscan updated to not interact with Google Maps
      • Updated detection for monitoring systems
      • Updated detection of web installers

      Fixes

      • Correct warning is now displayed when attempting to add more than permitted target variations
      • Addressed several usability and design issues across application settings
      • Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
      • Design updates for User settings in Acunetix Online
      • Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
      • For users in a User Group, target group assignment is properly applied under all scenarios
      • Fixed a user permission issue when using custom roles
      • Invite emails from Acunetix On-Premises for Linux are properly displaying content now
      • Fixed the OOM (out of memory) problem when processing large PDF files
    • Acunetix v24.4.240427095 - 30 April 2024

      New Features

      • Added the ability to link an API definition URL for adding paths to a target before scanning. Read more about how to add paths to targets and how this helps scanning.

      New Security Checks

      Improvements

      • Fixed the password reset tool for Windows for Acunetix On-Premises
      • .NET Core IAST Sensor: Removed dependency on NLog
      • Various improvements in Deepscan, lessening the time to process pages / SPAs
      • Deepscan updated to not interact with Google Maps
      • Updated detection for monitoring systems
      • Updated detection of web installers

      Fixes

      • Correct warning is now displayed when attempting to add more than permitted target variations
      • Addressed several usability and design issues across application settings
      • Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
      • Design updates for User settings in Acunetix Online
      • Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
      • For users in a User Group, target group assignment is properly applied under all scenarios
      • Fixed a user permission issue when using custom roles
      • Invite emails from Acunetix On-Premises for Linux are properly displaying content now
      • Fixed the OOM (out of memory) problem when processing large PDF files
    • Acunetix v24.3.2 - 15 April 2024
      Improvements
      • Replaced an expiring Invicti Signing Code Certificate for Windows binaries
    • Acunetix v24.3.0 - 25 March 2024

      New Features

      • Smart API Scanning capabilities for Swagger 2
      • Smart API Scanning capabilities for OpenAPI 3

      New Security Checks

      Improvements

      • Improved Crawling of websites using IFrames
      • .NET IAST sensor will report SQL Injection issues introduced through the usage of MSSQL Entity Framework Sql_Query
      • Improved detection of DOM XSS in Referrer Header
      • Improved detection of DOM XSS in document.cookie

      Fixes

      • Fixed a situation when a new target couldn’t be created via API

      • Fixed: Missing HTTP response for vulnerabilities reported by internal scanning agent
      • Fixed: Missing Attack Details for Unsupported SSL Secure Renegotiation vulnerability
    • Acunetix v24.2.240227118 - 28 Feb 2024

      Fixes

      • Invitation emails are being sent correctly
      • Discovered assets can be correctly assigned to target groups
    • Acunetix v24.2.240226074 - 26 Feb 2024

      New Features

      • Added the ability to use Aria Roles to provide better coverage
      • Introduced PCI DSS 4.0 report. Note that PCI DSS 3.2 will reach the end of its support or relevance by the end of March
      • .NET IAST now supports .NET 8 (currently in Open Beta)

      New Security Checks

      Improvements

      • Updated Chromium to 121.0.6167.139/140
      • Improved detection of DOM-based Cross Site Scripting (XSS)
      • Improved the way that “Content Security Policy Misconfiguration” alerts are reported
      • Improved detection of Client Side Prototype Pollution (CSPP)
      • IAST scans will start reporting the IAST sensor version used for the scan
      • New column “Result” is shown in the list of scans to provide more details about scan outcome
      • Enhanced support for OTP apps by displaying the activation code next to the QR code
      • Improved crawling of Single Page Applications (SPA) that are using Ionic Framework
      • Added the ability to scan web applications which require browsing in a single browser tab
      • Upgraded user experience of in-app notifications – Updated UX of notifications dropdown
      • When accessing the application from a different location or browser, all other sessions are promptly terminated. Previously, users were notified, causing inconvenience when working from various locations

      Fixes

      • Fixed a bug caused by the engine not respecting Cache-Control directive
      • In rare situations, a report being generated could have resulted in an Internal server error. This issue has now been fixed
      • Fixed several minor user experience issues across the application
    • Acunetix v24.1.240131143 - 01 Feb 2024

      New Features

      • The Java IAST sensor now supports Java 21

      New Security Checks

      Fixes

      • Fixed a bug in the processing of technologies
    • Acunetix v24.1.240111130 - 11 Jan 2024

      New Features

      • The Java IAST sensor has been updated to support Java 17 and removes the requirement for AspectJWeaver
      • Changes to the mechanism that manages services for Acunetix On-Premises for Docker and Linux (Customers using Acunetix On-Premises for Docker or Linux need to manually update to version 24.1)

      New Security Checks

      • Improved Elmah security check to check for variants of Elmah
      • OpenCms Chemistry Solr XML External Entity (XXE) (CVE-2023-42346)
      • OwnCloud phpinfo Information Disclosure (CVE-2023-49103)
      • TorchServe Management API SSRF (CVE-2023-43654)
      • Updated vulnerabilities for WordPress Core and WordPress plugins
      • Ofbiz PreAuth RCE (CVE-2023-49070)
      • F5 BIG-IP Request Smuggling (CVE-2023-46747)
      • Sitecore XP TemplateParser RCE (CVE-2023-35813)
      • Added a check for SSRF/LFI via PDF generation
      • Added a check for file inclusion/path traversal when the response is shown inside a PDF

      Improvements

      • Updated .NET (core) IAST sensor to hook new functions
      • The scanner will now properly report when the protocol (http/https) is changed at the start of the scan
      • Increased the size limit to 10kB for supported Client Certificates for authenticated scans
      • Updated to Chromium 119.0.6045.199/200
      • Users can opt-in to receive a direct download link instead of a PDF report attachment (On-Prem only)
      • Improved crawling of Single Page Applications (SPA) that are using React
      • Improved crawling of Single Page Applications (SPA) that are using the Angular Framework
      • Improved crawling of Single Page Applications (SPA) that are using the Vue.js Framework
      • New User Profile design
      • A refreshed UI with a new navigational experience

      Fixes

      • Fixed an issue that was causing some vulnerabilities not to be exported to Amazon AWS WAF
      • Fixed a Deepscan and LSR issue caused when a page overrides the standard window.* methods
      • Notifications about scans that require manual intervention are now correctly displayed wherever the user is located (On-Prem only)
      • Fixed a number of scanner crashes
    • Acunetix v23.11.231130164 - 4 Dec 2023

      Fixes

      • Fixed a bug in SSO workflow.
    • Acunetix v23.11.0 - 23 Nov 2023

      New Features

      • Every user can now choose which email notifications they receive by setting their individual preferences located in their User Profile
      • For Acunetix On-Premises customers, email server settings have been moved under the Settings menu
      • You can now open Acunetix on multiple tabs without needing to log in with every new tab you open
      • We’ve added CVSS 4.0 scores to some vulnerabilities — You’ll find the CVSS 4.0 score and vector displayed next to the old score (3.1/3.0/2.0, whichever is highest) in the UI and API
      • For Acunetix On-Demand customers, user management is now available under Settings > Users & Access. Here you’ll find the user list with some new filter options and a new way to create user accounts by generating an invitation link (the user specifies their own password instead of the administrator).

      New Security Checks

      Improvements

      • Email notifications now have the option to include a direct link for downloading the PDF report. Previously it was necessary to log in to Acunetix to download the PDF report.
      • Updated the Chromium Build to 119.0.6045.123/.124
      • Enhanced IAST .NET sensor detection capabilities
      • Improved location detection when using LSR
      • Improved scanner stability for select environments
      • Improvements to handling OpenAPI specifications
      • Multiple improvements to the SQL Injection vulnerability checks

      Fixes

      • Fixed an issue that was causing Amazon WAF exports to fail
      • PDF reports now display information that was previously being cut off
    • Acunetix v15.6.230505122 - 09 May 2023

      New Security Checks

      • Added SAML-related security checks.
      • New security checks for Adobe ColdFusion affected by Deserialization RCE vulnerability (CVE-2023-26359/CVE-2023-26360)
      • New security checks for GraphQL.
      • New checks for Joomla vulnerabilities.

      Improvements

      • Updated the embedded Chromium browser to v109.0.5414.141 for Windows and 112.0.5615.165 for Linux.
      • Improved the Business Logic Recorder to work with autocomplete fields.
      • Updated .NET IAST AcuSensor to avoid reporting false positives for default server misconfiguration.
      • Improved .NET IAST AcuSensor for reporting vulnerable packages.
      • Added support for file upload to the Login Sequence Recorder and Business Logic Recorder.
      • Improved response handling.
      • Various DeepScan Improvements.
      • Improved the coverage of development file exposure check.
      • Updated the Software Composition Analysis (SCA) database.
      • Updated the WordPress plugin vulnerabilities.

      Fixes

      • Various fixes in the scanner to lower memory usage.