Release-Sep-15-2025 (#25168)

vs-mg · web-flow · commit 34141019a7d9 · 2025-09-15T15:47:53.000-05:00
diff --git a/src/content/changelog/waf/2025-09-15-waf-release.mdx b/src/content/changelog/waf/2025-09-15-waf-release.mdx
@@ -0,0 +1,74 @@
+---
+title: "WAF Release - 2025-09-15"
+description: Cloudflare WAF managed rulesets 2025-09-15 release
+date: 2025-09-15
+---
+
+import { RuleID } from "~/components";
+
+**This week's update**
+
+This week’s focus highlights newly disclosed vulnerabilities in DevOps tooling, data visualization platforms, and enterprise CMS solutions. These issues include sensitive information disclosure and remote code execution, putting organizations at risk of credential leakage, unauthorized access, and full system compromise.
+
+**Key Findings**
+
+* Argo CD (CVE-2025-55190): Exposure of sensitive information could allow attackers to access credential data stored in configurations, potentially leading to compromise of Kubernetes workloads and secrets.Next.js (CVE-2025-57822): Improper handling of redirects in custom middleware can lead to server-side request forgery (SSRF) when user-supplied headers are forwarded. Attackers could exploit this to access internal services or cloud metadata endpoints. The issue has been resolved in versions 14.2.32 and 15.4.7. Developers using custom middleware should upgrade and verify proper redirect handling in `next()` calls.
+
+* DataEase (CVE-2025-57773): Insufficient input validation enables JNDI injection and insecure deserialization, resulting in remote code execution (RCE). Successful exploitation grants attackers control over the application server.
+
+* Sitecore (CVE-2025-53694): A sensitive information disclosure flaw allows unauthorized access to confidential information stored in Sitecore deployments, raising the risk of data breaches and privilege escalation.
+
+**Impact**
+
+These vulnerabilities expose organizations to serious risks, including credential theft, unauthorized access, and full system compromise. Argo CD’s flaw may expose Kubernetes secrets, DataEase exploitation could give attackers remote execution capabilities, and Sitecore’s disclosure issue increases the likelihood of sensitive data leakage and business impact.
+
+Administrators are strongly advised to apply vendor patches immediately, rotate exposed credentials, and review access controls to mitigate these risks.
+
+<table style="width: 100%">
+  <thead>
+    <tr>
+      <th>Ruleset</th>
+      <th>Rule ID</th>
+      <th>Legacy Rule ID</th>
+      <th>Description</th>
+      <th>Previous Action</th>
+      <th>New Action</th>
+      <th>Comments</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="199cce9ab21e40bcb535f01b2ee2085f" />
+      </td>
+      <td>100646</td>
+      <td>Argo CD - Information Disclosure - CVE:CVE-2025-55190s</td>
+      <td>Log</td>
+      <td>Disabled</td>
+      <td>This is a New Detection</td>
+    </tr>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="e513bb21b6a44f9cbfcd2462f5e20788" />
+      </td>
+      <td>100874</td>
+      <td>DataEase - JNDI injection - CVE:CVE-2025-57773</td>
+      <td>Log</td>
+      <td>Disabled</td>
+      <td>This is a New Detection</td>
+    </tr>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="be097f5a71a04f27aa87b60d005a12fd" />
+      </td>
+      <td>100880</td>
+      <td>Sitecore - Information Disclosure - CVE:CVE-2025-53694</td>
+      <td>Log</td>
+      <td>Block</td>
+      <td>This is a New Detection</td>
+    </tr>
+  </tbody>
+</table>
diff --git a/src/content/changelog/waf/scheduled-waf-release.mdx b/src/content/changelog/waf/scheduled-waf-release.mdx
@@ -1,7 +1,7 @@
 ---
-title: WAF Release - Scheduled changes for 2025-09-15
-description: WAF managed ruleset changes scheduled for 2025-09-15
-date: 2025-09-08
+title: WAF Release - Scheduled changes for 2025-09-22
+description: WAF managed ruleset changes scheduled for 2025-09-22
+date: 2025-09-15
 scheduled: true
 ---
 
@@ -21,37 +21,92 @@ import { RuleID } from "~/components";
   </thead>
   <tbody>
     <tr>
-      <td>2025-09-08</td>
       <td>2025-09-15</td>
+      <td>2025-09-22</td>
       <td>Log</td>
-      <td>100646</td>
+      <td>100800_BETA</td>
       <td>
         <RuleID id="199cce9ab21e40bcb535f01b2ee2085f" />
       </td>
-      <td>Argo CD - Information Disclosure - CVE:CVE-2025-55190</td>
-      <td>This is a New Detection</td>
+      <td>SQLi - Obfuscated Boolean - Beta</td>
+      <td>This rule will be merged to 100800 in old WAF and 7663ea44178441a0b3205c145563445f in new WAF</td>
     </tr>
     <tr>
-      <td>2025-09-08</td>
       <td>2025-09-15</td>
+      <td>2025-09-22</td>
       <td>Log</td>
-      <td>100874</td>
+      <td>100146C</td>
       <td>
-        <RuleID id="e513bb21b6a44f9cbfcd2462f5e20788" />
+        <RuleID id="276073e60c7a4b4d91faba1fbbe18d50" />
       </td>
-      <td>DataEase - JNDI injection - CVE:CVE-2025-57773</td>
+      <td>SSRF - Cloud - 2</td>
       <td>This is a New Detection</td>
     </tr>
     <tr>
-      <td>2025-09-08</td>
       <td>2025-09-15</td>
+      <td>2025-09-22</td>
       <td>Log</td>
-      <td>100880</td>
+      <td>100146</td>
       <td>
-        <RuleID id="be097f5a71a04f27aa87b60d005a12fd" />
+        <RuleID id="c36a425ae0c94789a9bc34f06a135cbf" />
       </td>
-      <td>Sitecore - Information Disclosure - CVE:CVE-2025-53694</td>
+      <td>SSRF - Host - 2</td>
       <td>This is a New Detection</td>
-    </tr>    
+    </tr>
+     <tr>
+       <td>2025-09-15</td>
+       <td>2025-09-22</td>
+       <td>Log</td>
+       <td>100146B</td>
+       <td>
+         <RuleID id="dfa84b0aed5a4b45b953a36a57035abf" />
+       </td>
+       <td>SSRF - Local - 2</td>
+       <td>This is a New Detection</td>
+     </tr>
+     <tr>
+       <td>2025-09-15</td>
+       <td>2025-09-22</td>
+       <td>Log</td>
+       <td>100773</td>
+       <td>
+         <RuleID id="6be7e7829f3b43c688e1ac4284a619a1" />
+       </td>
+       <td>Next.js - SSRF</td>
+       <td>This is a New Detection</td>
+     </tr>
+     <tr>
+       <td>2025-09-15</td>
+       <td>2025-09-22</td>
+       <td>Log</td>
+       <td>100758</td>
+       <td>
+         <RuleID id="9f1c8d4cbf3848dbb940771bc5ced231" />
+       </td>
+       <td>Skyvern - Remote Code Execution - CVE:CVE-2025-49619</td>
+       <td>This is a New Detection</td>
+     </tr>
+		 <tr>
+		 	 <td>2025-09-15</td>
+			 <td>2025-09-22</td>
+			 <td>Log</td>
+			 <td>100714</td>
+			 <td>
+				 <RuleID id="78c856218f2d40f4b5988c8c956c1961" />
+			 </td>
+			 <td>Azure - Auth Bypass - CVE:CVE-2025-54914</td>
+			 <td>This is a New Detection</td>
+		 </tr>
+		 <tr>
+		 	 <td>2025-09-15</td>
+			 <td>2025-09-22</td>
+			 <td>Log</td>
+			 <td>100774</td>
+			 <td>
+				 <RuleID id="0cc3f50216bf4b448210bcc3983ff2dd" />
+			 </td>
+			 <td>Adobe Commerce - Remote Code Execution - CVE:CVE-2025-54236</td>
+			 <td>This is a New Detection</td>
+		 </tr>
   </tbody>
 </table>
