Release Notes

Acunetix Standard & Premium

RSS Feed

v25.8.2 - additional update - 17 Sep 2025

Copy Link Copy Link
Security check Added the “JWT authentication bypass with LSR” check Upgraded Vulnerability Database (VDB) to version 20250916

Security check

  • Added the “JWT authentication bypass with LSR” check
  • Upgraded Vulnerability Database (VDB) to version 20250916

v25.8.2 - 10 Sep 2025

Copy Link Copy Link
Security check improvements with upgraded Vulnerability Database (VDB) to version 20250909 and corrected OWASP 2021 classifications for multiple reports.

Security check

  • Upgraded Vulnerability Database (VDB) version to 20250909

Fix

  • Fixed OWASP 2021 classifications for multiple reports

v25.8.1 - 03 Sep 2025

Copy Link Copy Link
Security check Upgraded Vulnerability Database (VDB) version to 20250902 Improvement Improved the “GraphQL Introspection Query Enabled” check Improved the “Weak Session IDs” check

Security check

  • Upgraded Vulnerability Database (VDB) version to 20250902

Improvement

  • Improved the “GraphQL Introspection Query Enabled” check
  • Improved the “Weak Session IDs” check

    v25.8 - 22 Aug 2025

    Copy Link Copy Link
    Improvement Improved accuracy in identifying ELMAH error log endpoints for ASP.NET Fix Resolved an issue where attaching the same target with a different port returned “Host already attached”

    Improvement

    • Improved accuracy in identifying ELMAH error log endpoints for ASP.NET

    Fix

    • Resolved an issue where attaching the same target with a different port returned “Host already attached”

    v25.7.0 - 05 Aug 2025

    Copy Link Copy Link
    The 25.7.0 Acunetix update includes improved third-party cookie support in the browser, enhanced web form filling for range inputs, more accurate scan progress tracking, and an upgrade to PostgreSQL 17 for Acunetix On-Premises.

    Security checks

    • Added check for Microsoft SharePoint authentication bypass vulnerability (CVE-2025-53770)

    Improvements

    • Updated browser to use third-party cookies when available
    • Improved web form filler to better cater for inputs with ranges
    • Updated engine to better reflect scan progress
    • Upgraded to PostgreSQL 17 for Acunetix On-Premises (Read more)

    v25.5.2 - 09 Jul 2025

    Copy Link Copy Link
    Security update with new checks for Weak ViewState Key, PAN-OS XSS (CVE-2025-0133), and Citrix NetScaler Memory Disclosure (CVE-2025-5777). Improved Open Redirect detection, updated vulnerability references, and upgraded Vulnerability Database to version 20250708.

    Security checks

    • Added a new security check for Weak ViewState Key
    • Added a new check to detect PAN-OS XSS (CVE-2025-0133)
    • Added a new check to detect Citrix NetScaler Memory Disclosure (CitrixBleed 2) (CVE-2025-5777)
    • Upgraded Vulnerability Database (VDB) version to 20250708

    Improvements

    • Updated Open Redirect to increase coverage

    v25.5.1 - 27 Jun 2025

    Copy Link Copy Link
    New security checks Added a new check to detect Grafana Open Redirect (CVE-2025-4123) Improvements Updated Secret Token detection to increase coverage Updated detection of DB connection in JSON fields Updated DeepScan for more prop extraction Added a new check to detect Prototype Pollution (Server-Side) Updated...

    New security checks

    • Added a new check to detect Grafana Open Redirect (CVE-2025-4123)

    Improvements

    • Updated Secret Token detection to increase coverage
    • Updated detection of DB connection in JSON fields
    • Updated DeepScan for more prop extraction
    • Added a new check to detect Prototype Pollution (Server-Side)
    • Updated dompurify to detect more vulnerabilities
    • Updated iframe injection detection on dom-based vulnerabilities
    • Updated XPath injection for better coverage

    v25.5.0 - 17 Jun 2025

    Copy Link Copy Link
    New features Added support for JAVA IAST Sensor running on WebLogic () New security checks Added JWT auth bypass for API Added SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324) Added detection for Craft CMS Remote Code Execution (CVE-2025-32432) Added check for missing X-Content-Type-Options...

    New features

    • Added support for JAVA IAST Sensor running on WebLogic (Read more)

    New security checks

    • Added JWT auth bypass for API
    • Added SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324)
    • Added detection for Craft CMS Remote Code Execution (CVE-2025-32432)
    • Added check for missing X-Content-Type-Options header
    • Detection for Craft CMS Remote Code Execution vulnerability (CVE-2025-32432)

      Improvements

      • Added regex to enhance detection of Stack Trace Disclosure in Django apps
      • Improved detection of JWTs signed with weak secrets
      • Added new security check for exposed nginx.conf and .htaccess files to enhance vulnerability detection
      • LDAP Injection detection added
      • Added detection for PII (Personally Identifiable Information) disclosure vulnerabilities
      • New detection for database connection strings in JSON responses to improve sensitive data exposure coverage
      • Scanner updated to support scanning targets with NTLM Authentication from Linux
      • Implemented XSRF standard protection for Angular and Spring

      Resolved issues

      • Fixed false positive for Cleo Harmony/VLTrader/LexiCom RCE detection
      • Corrected version comparison logic in “Scripts\WebApps\drupal_3.script”

      v25.4.0 - 22 Apr 2025

      Copy Link Copy Link
      This release includes new security checks and improvements.

      New security checks

      Improvements

      • Updated Node to version 20
      • Updated OpenSSL to version 3.4.1
      • Added an option to expose OpenSSL functions to sign or validate JWT tokens
      • Added an option to disable the DAST scanner from exposing secrets
      • Engine now uses Chromium 135.0.7049.41/52 for scanning
      1 2 28