waf-release-oct-13-2025 (#25801)

Author: fb1337

src/content/changelog/waf/2025-10-13-waf-release.mdx

@@ -0,0 +1,44 @@
+---
+title: "WAF Release - 2025-10-13"
+description: Cloudflare WAF managed rulesets 2025-10-13 release
+date: 2025-10-13
+---
+
+import { RuleID } from "~/components";
+
+This week’s highlights include a new JinJava rule targeting a sandbox-bypass flaw that could allow malicious template input to escape execution controls. The rule improves detection for unsafe template rendering paths.
+
+**Key Findings**
+
+New WAF rule deployed for JinJava (CVE-2025-59340) to block a sandbox bypass in the template engine that permits attacker-controlled type construction and arbitrary class instantiation; in vulnerable environments this can escalate to remote code execution and full server compromise.
+
+**Impact**
+
+- CVE-2025-59340 — Exploitation enables attacker-supplied type descriptors / Jackson `ObjectMapper` abuse, allowing arbitrary class loading, file/URL access (LFI/SSRF primitives) and, with suitable gadget chains, potential remote code execution and system compromise.
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="b327d6442e2d4848b4aab3cbc04bab5f" />
+			</td>
+			<td>100892</td>
+			<td>JinJava - SSTI - CVE:CVE-2025-59340</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+	</tbody>
+</table>

src/content/changelog/waf/scheduled-waf-release.mdx

@@ -1,7 +1,7 @@
 ---
-title: WAF Release - Scheduled changes for 2025-10-13
-description: WAF managed ruleset changes scheduled for 2025-10-13
-date: 2025-10-06
+title: WAF Release - Scheduled changes for 2025-10-20
+description: WAF managed ruleset changes scheduled for 2025-10-20
+date: 2025-10-13
 scheduled: true
 ---
 
@@ -21,15 +21,26 @@ import { RuleID } from "~/components";
   </thead>
   <tbody>
    <tr>
-      <td>2025-10-06</td>
       <td>2025-10-13</td>
+      <td>2025-10-20</td>
       <td>Log</td>
-      <td>100892</td>
+      <td>100598A</td>
       <td>
-        <RuleID id="b327d6442e2d4848b4aab3cbc04bab5f" />
+        <RuleID id="933fc13202cd4e8ba498c0f32b4101ab" />
       </td>
-      <td>JinJava - SSTI - CVE:CVE-2025-59340</td>
-      <td>This is a New Detection</td>
+      <td>Remote Code Execution - Common Bash Bypass - Beta</td>
+      <td>This rule is merged into the original rule "Remote Code Execution - Common Bash Bypass" (ID: <RuleID id="f8238867ed3e4d3a9a7b731a50cec478" />)</td>
    </tr>
+   <tr>
+      <td>2025-10-13</td>
+      <td>2025-10-20</td>
+      <td>Log</td>
+      <td>100916A</td>
+      <td>
+        <RuleID id="185b5df42d1e44e0aeb8f8b8a1118614" />
+      </td>
+      <td>Oracle E-Business Suite - Remote Code Execution - CVE:CVE-2025-61882 - 2</td>
+      <td>This is a New Detection</td>
+   </tr> 
   </tbody>
 </table>