waf EMERGENCY release 5 nov (#26335)

Author: fb1337

src/content/changelog/waf/2025-11-05-emergency-waf-release.mdx

@@ -0,0 +1,44 @@
+---
+title: "WAF Release - 2025-11-05 - Emergency"
+description: Cloudflare WAF managed rulesets 2025-10-30 emergency release
+date: 2025-11-05
+---
+
+import { RuleID } from "~/components";
+
+This week’s emergency release introduces a new detection signature that enhances coverage for a critical vulnerability in the React Native Metro Development Server, tracked as CVE-2025-11953.
+
+**Key Findings**
+
+The Metro Development Server exposes an HTTP endpoint that is vulnerable to OS command injection (CWE-78). An unauthenticated network attacker can send a crafted request to this endpoint and execute arbitrary commands on the host running Metro. The vulnerability affects Metro/cli-server-api builds used by React Native Community CLI in pre-patch development releases.
+
+**Impact**
+
+Successful exploitation of CVE-2025-11953 may result in remote command execution on developer workstations or CI/build agents, leading to credential and secret exposure, source tampering, and potential lateral movement into internal networks. Administrators and developers are strongly advised to apply the vendor's patches and restrict Metro’s network exposure to reduce this risk. 
+
+<table style="width: 100%">
+  <thead>
+    <tr>
+      <th>Ruleset</th>
+      <th>Rule ID</th>
+      <th>Legacy Rule ID</th>
+      <th>Description</th>
+      <th>Previous Action</th>
+      <th>New Action</th>
+      <th>Comments</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="db6b9e1ac1494971ae8c70aac8e30c5b" />
+      </td>
+      <td>N/A</td>
+      <td>React Native Metro - Command Injection - CVE:CVE-2025-11953</td>
+      <td>N/A</td>
+      <td>Block</td>
+      <td>This is a New Detection</td>
+    </tr>
+  </tbody>
+</table>