Release Date: April 22, 2025
We’re excited to announce the immediate availability of Forward Enterprise version 25.4.0. This release delivers enhancements across security, data analysis, cloud automation, topology visualization, and collection workflows.
See the full Forward Enterprise 25.4.0 Release Notes for more information.
What’s New
Security – Enhanced CVE Detection Details
Forward Enterprise now provides more detailed classifications for CVE detection results, helping security teams quickly assess risk and determine next steps. The new vulnerability states include:
-
Config-independent vulnerability – Device is confirmed vulnerable regardless of configuration.
-
Config confirmed vulnerable – Specific configuration elements trigger the vulnerability.
-
Config detection not supported – Analysis not yet supported for this device/vendor. Manual verification is recommended.
-
Config cannot be confirmed – Analysis was incomplete or inconclusive. Manual investigation is required.
-
Config not vulnerable – Current configuration does not expose the vulnerability.
Security – Sonic Dell Device Support
This release expands vulnerability detection coverage to Sonic Dell devices, beginning with versions released in 2015.
Security – STIGs Update
Forward Enterprise now includes the DISA CY25Q1 STIG updates published on January 30, 2025. The integration covers 50 updated rules and was delivered within the 90-day compliance window.
Data Analysis – End of Life (EoL) Enhancements
End of Life analysis, first introduced in version 24.11, now includes additional Cisco hardware platforms. Located in the Inventory+ Forward Library under the "Device" folder, the enhanced EoL analysis covers:
-
End of Support
-
End of Vulnerability
-
End of Maintenance
Cloud – Automatic Reporting of Discovered Accounts
Forward Enterprise now automatically reports newly discovered cloud accounts during data collection. Users can optionally auto-add these accounts to their collections, simplifying cloud environment onboarding at scale.
Topology – Annotations
Users can now annotate location layouts using text and basic shapes. This enables teams to highlight network design details, communicate topology-related insights, and provide visual context directly within the topology map.
Collection – Custom Commands: Flexible Device Selection
Custom command groups now support greater targeting flexibility. In addition to selecting by device type, you can define commands for:
-
Individual devices
-
Groups of devices matched dynamically using name-based globs
Additional Features
-
IP Location Logic – Subnets can now be excluded from geolocation to internet nodes (available via API).
-
Collection Credentials – CLI and HTTP credentials are now managed separately for improved security and clarity.
-
SNMP Collection – Added support for multiple SHA authentication types: SHA-256, SHA-384, and SHA-512.
-
CLI Collection – Introduced Telnet support for CLI-based endpoints.
