Changelogs

Acunetix Standard & Premium

RSS Feed

v25.4.0 - 22 Apr 2025

Copy Link Copy Link
This release includes new security checks and improvements.

New security checks

Improvements

  • Updated Node to version 20
  • Updated OpenSSL to version 3.4.1
  • Added an option to expose OpenSSL functions to sign or validate JWT tokens
  • Added an option to disable the DAST scanner from exposing secrets
  • Engine now uses Chromium 135.0.7049.41/52 for scanning

v25.3.2 - 03 Apr 2025

Copy Link Copy Link
Fix Resolved an issue causing a hang in the LSR during retry playback

Fix

  • Resolved an issue causing a hang in the LSR during retry playback

v25.3.1 - 25 Mar 2025

Copy Link Copy Link
New security checks Added a check for Sitecore XM/XP Insecure Deserialization (CVE-2025-27218) Added a check for Next.js Middleware Authorization Bypass (CVE-2025-29927)

New security checks

  • Added a check for Sitecore XM/XP Insecure Deserialization (CVE-2025-27218)

  • Added a check for Next.js Middleware Authorization Bypass (CVE-2025-29927)

v25.3.0 - 10 Mar 2025

Copy Link Copy Link
This 25.3.0 Acunetix release contains a number of technologies improvements, new features, security checks, and resolved issues.

New features

  • Windows Internal Scanning Agents can now scan websites which make use of Smart Card Authentication
  • Acunetix On Premise can now be installed on Windows Server 2025

New security checks

  • Added a check for PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
  • Added a check for SimpleHelp Path Traversal (CVE-2024-57727)

Improvements

  • Technologies: DAST scanner updated to report over 30 new technologies
  • Improved detection of Open Redirect
  • Improved detection of Reverse Proxy
  • Improved detection of ViewState problems
  • Improvements to timeouts while crawling SPAs
  • Improved parsing of double URL encoded files

Resolved issues

  • Fixed: Technologies incorrectly reported as normal vulnerabilities
  • Fix: False Negative reporting EspoCRM
  • Fixed issue causing Login Sequence Recorder to not load on Windows 10 / Windows Server 2016

v25.1.2 - 17 Feb 2025

Copy Link Copy Link
Release 25.1.2 for Acunetix is for SQL Server Vulnerabilities improvements.

Improvements

  • Moved a number of SQL Server Vulnerabilities to Technologies

v25.1.1 - 07 Feb 2025

Copy Link Copy Link
New security checks Added a new check for SSRF Cloud Metadata Added a new check for Out-of-Band SSTIs Improvements Improved Information Disclosures for phpinfo Improved Username Disclosure for MS SQL Improved Database Name Disclosures Improved detection of exposed git repositories Improved coverage of checks in...

New security checks

  • Added a new check for SSRF Cloud Metadata
  • Added a new check for Out-of-Band SSTIs

Improvements

  • Improved Information Disclosures for phpinfo
  • Improved Username Disclosure for MS SQL
  • Improved Database Name Disclosures
  • Improved detection of exposed git repositories
  • Improved coverage of checks in Directory tests
  • Updated VDB to 20250204
  • Improved detection of Programming Error Messages

Resolved issues

  • Fixed a false positive causing EspoCRM tech to be reported unexpectedly

v25.1.0 - 04 Feb 2025

Copy Link Copy Link
New security checks Added a check for Craft CMS Development Mode enabled Added a check for Craft CMS register_argc_argv RCE (CVE-2024-56145) Added a check for Apple’s App-Site Association (AASA) file Added new checks for API9:2023 Improper Inventory Management Added new checks for API10:2023 Unsafe Consumption...

New security checks

  • Added a check for Craft CMS Development Mode enabled
  • Added a check for Craft CMS register_argc_argv RCE (CVE-2024-56145)
  • Added a check for Apple’s App-Site Association (AASA) file
  • Added new checks for API9:2023 Improper Inventory Management
  • Added new checks for API10:2023 Unsafe Consumption of APIs
  • Added new checks for API2:2023 Broken Authentication

New features

  • Added support for scanning web applications using Smart Card Authentication. Learn more.

Improvements

  • Improved detection of Microsoft SQL Server as a technology
  • Improved detection of XSS
  • Updated the severity of some vulnerabilities to better reflect their impact
  • Improved detection of weak passwords
  • Improved detection of Blind XSS
  • Improved detection of SQL Injection
  • Updated scanner to never downgrade from HTTPs to HTTP

Resolved issues

  • Improvement to launching Chromium on Windows 10 build 14393

 

v24.12.1 - 03 Jan 2025

Copy Link Copy Link
New Security Checks Added Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164) Added Cleo LexiCo, VLTransfer, and Harmony (CVE-2024-50623/CVE-2024-55956) Improvements Updates to technologies and fingerprints

New Security Checks

Improvements

  • Updates to technologies and fingerprints

v24.12.0 - 16 Dec 2024

Copy Link Copy Link
New Security Checks Added Palo Alto PAN-OS RCE (CVE-2024-0012/CVE-2024-9474) Added Sitecore AFR (CVE-2024-46938) Added a security check for CVE-2024-51567 / CVE-2024-51568 / CVE-2024-51378 Added a fix for Acunetix’s incorrect detection of Drupal versions, where the script read the version correctly but compared it improperly Improvements...

New Security Checks

Improvements

  • The engine now uses Chromium 131 for scanning
  • The engine now leverages headers from all import files, incl. Postman collections
  • The engine now supports using host and path from Postman collections
  • Users can see clearly if OTP is not configured inside the Login Sequence Recorder

Fixes

  • Fixed an issue where, in rare cases, the LSR failed to correctly add session data

  • Fixed an issue where GraphQL imports could fail in certain edge cases

1 2 27