Update taxonomy

actions-user · actions-user · commit fe5dab15630f · 2026-02-27T09:12:09.000Z
diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json
@@ -3379,6 +3379,50 @@
       "CWE-94"
     ]
   },
+  "crowdsecurity/vpatch-CVE-2025-40552": {
+    "name": "crowdsecurity/vpatch-CVE-2025-40552",
+    "description": "Detects authentication bypass in SolarWinds Web Help Desk via WebObjects wopage parameter access to sensitive pages",
+    "label": "SolarWinds Web Help Desk - Authentication Bypass",
+    "behaviors": [
+      "http:exploit"
+    ],
+    "mitre_attacks": [
+      "TA0001:T1190"
+    ],
+    "confidence": 3,
+    "spoofable": 0,
+    "cti": true,
+    "service": "http",
+    "created_at": "2026-02-27T09:11:25",
+    "cves": [
+      "CVE-2025-40552"
+    ],
+    "cwes": [
+      "CWE-287"
+    ]
+  },
+  "crowdsecurity/vpatch-CVE-2025-4689": {
+    "name": "crowdsecurity/vpatch-CVE-2025-4689",
+    "description": "Detects WordPress Ads Pro Plugin unauthenticated SQLi + LFI chain via wp-ajax endpoint targeting a_id parameter (CVE-2025-4689)",
+    "label": "WordPress Ads Pro Plugin - SQLI",
+    "behaviors": [
+      "http:exploit"
+    ],
+    "mitre_attacks": [
+      "TA0001:T1190"
+    ],
+    "confidence": 3,
+    "spoofable": 0,
+    "cti": true,
+    "service": "http",
+    "created_at": "2026-02-26T09:31:51",
+    "cves": [
+      "CVE-2025-4689"
+    ],
+    "cwes": [
+      "CWE-89"
+    ]
+  },
   "crowdsecurity/vpatch-CVE-2025-47188": {
     "name": "crowdsecurity/vpatch-CVE-2025-47188",
     "description": "Detects OS command injection in Mitel 6000 series SIP Phones via ringtone upload functionality.",
@@ -3643,6 +3687,28 @@
       "CWE-89"
     ]
   },
+  "crowdsecurity/vpatch-CVE-2025-61678": {
+    "name": "crowdsecurity/vpatch-CVE-2025-61678",
+    "description": "Detects FreePBX arbitrary file upload RCE via fwbrand directory traversal in Custom Firmware Management endpoint (CVE-2025-61678)",
+    "label": "FreePBX - RCE",
+    "behaviors": [
+      "http:exploit"
+    ],
+    "mitre_attacks": [
+      "TA0001:T1190"
+    ],
+    "confidence": 3,
+    "spoofable": 0,
+    "cti": true,
+    "service": "http",
+    "created_at": "2026-02-26T09:31:51",
+    "cves": [
+      "CVE-2025-61678"
+    ],
+    "cwes": [
+      "CWE-22"
+    ]
+  },
   "crowdsecurity/vpatch-CVE-2025-61882": {
     "name": "crowdsecurity/vpatch-CVE-2025-61882",
     "description": "Detects Oracle E-Business Suite 12.2.3\u201312.2.14 LFI and SSRF/RCE via ieshostedsurvey.jsp and UiServlet endpoints.",
@@ -3687,6 +3753,28 @@
       "CWE-23"
     ]
   },
+  "crowdsecurity/vpatch-CVE-2025-66039": {
+    "name": "crowdsecurity/vpatch-CVE-2025-66039",
+    "description": "Detects FreePBX authentication bypass and SQL injection chain via admin config endpoint (CVE-2025-66039, CVE-2025-61675)",
+    "label": "FreePBX - Authentication Bypass SQLI",
+    "behaviors": [
+      "http:exploit"
+    ],
+    "mitre_attacks": [
+      "TA0001:T1190"
+    ],
+    "confidence": 3,
+    "spoofable": 0,
+    "cti": true,
+    "service": "http",
+    "created_at": "2026-02-26T09:31:51",
+    "cves": [
+      "CVE-2025-66039"
+    ],
+    "cwes": [
+      "CWE-89"
+    ]
+  },
   "crowdsecurity/vpatch-CVE-2025-8110": {
     "name": "crowdsecurity/vpatch-CVE-2025-8110",
     "description": "Detects symlink bypass vulnerability in Gogs PutContents API allowing file overwrite and potential RCE (CVE-2025-8110)",
