Acunetix Premium - v25.5.0

New features

  • Added support for Java IAST Sensor running on WebLogic

New security checks

  • Added JWT auth bypass for API
  • Added SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324)
  • Added detection for Craft CMS Remote Code Execution (CVE-2025-32432)
  • Added check for missing X-Content-Type-Options header

Improvements

  • Added regex to enhance detection of Stack Trace Disclosure in Django apps
  • Improved detection of JWTs signed with weak secrets
  • Added new security check for exposed nginx.conf and .htaccess files to enhance vulnerability detection
  • LDAP Injection detection added
  • Added detection for PII (Personally Identifiable Information) disclosure vulnerabilities
  • New detection for database connection strings in JSON responses to improve sensitive data exposure coverage
  • Scanner updated to support scanning targets with NTLM Authentication from Linux

Resolved issues

  • Fixed false positive for Cleo Harmony/VLTrader/LexiCom RCE detection
  • Corrected version comparison logic in "Scripts\WebApps\drupal_3.script"