Rule Library

Sigma Rules

1 rule found for "CVE-2025-30406"

3,731Total

3,132Detection

457Emerging

139Hunting

Filters

Type

Severity

Status

Product

Suspicious Process Spawned by CentreStack Portal AppPool

Detects unexpected command shell execution (cmd.exe) from w3wp.exe when tied to CentreStack's portal.config, indicating potential exploitation (e.g., CVE-2025-30406)

WindowsProcess Creation

Jason Rathbun (Blackpoint Cyber)Thu Apr 172025