Five new hardware and software fingerprints and three new risks for ASM.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issue.
- Multiple Vulnerabilities in NetScaler Gateway & ADC [CVE-2025-5777 & CVE-2025-6543 & CVE-2025-5439]
  - Use the following queries to identify exposed NetScaler Gateway and ADC instances. Not all of these are necessarily vulnerable, as specific version information may not be available.
    - Platform query
    - Legacy Search query
    - ASM query
    - ASM risk query
New fingerprints
Added the following fingerprints.
Type | Name | Description | Query |
---|---|---|---|
hardware | Planet Router | This is a Planet Technology Corporation router or network device. | Platform query |
software | Wordpress Plugin - Rank Math SEO | A very popular search engine optimization plugin for WordPress. | Platform query |
software | wordpress-plugin-wp-rocket | A WordPress performance plugin that speeds up websites with caching. | Platform query |
software | wordpress-plugin-wpforms | A WordPress plugin associated with POST forms. | Platform query |
software | Wordpress Plugin - Yoast SEO | A search engine optimization plugin for WordPress. | Platform query |
risk | Vulnerable Citrix Netscaler Application [CVE-2025-6543] | This device is vulnerable to CVE-2025-6543 - A memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server, potentially leading to remote code execution. | ASM risk query: risks.name: `Vulnerable Citrix Netscaler Application [CVE-2025-6543]` |
risk | Vulnerable Citrix Netscaler Application [CVE-2025-5349, CVE-2025-5777] | This device is vulnerable to CVE-2025-5349, which involves improper access control on the NetScaler Management Interface, and CVE-2025-5777, which results from insufficient input validation leading to memory overread. Successful exploitation of CVE-2025-5349 may allow unauthorized changes or lateral movement within the network, while CVE-2025-5777 could enable attackers to read sensitive memory contents such as session tokens or credentials by hijacking sessions. | ASM risk query: risks.name: `Vulnerable Citrix Netscaler Application [CVE-2025-5349, CVE-2025-5777]` |
risk | Vulnerable Sitecore Experience Platform [CVE-2025-34509] | Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated, remote attackers can use this account to access the administrative API over HTTP [CVE-2025-34509]. We cannot detect the revision number of the software, so this risk is medium confidence and assumes 10.4.1/10.3.3/10.1.4 are vulnerable. | ASM risk query: risks.name: `Vulnerable Sitecore Experience Platform [CVE-2025-34509]` |