Release Sep 4 2025 (#24925)

* * Emergency Sep 4 2025

* Update src/content/changelog/waf/2025-09-04-emergency-waf-release.mdx

* Fix date

---------

Co-authored-by: Jun Lee <[email protected]>
Co-authored-by: Pedro Sousa <[email protected]>

Author: 3 people

src/content/changelog/waf/2025-09-04-emergency-waf-release.mdx

@@ -0,0 +1,60 @@
+---
+title: "WAF Release - 2025-09-04 - Emergency"
+description: Cloudflare WAF managed rulesets 2025-09-04 emergency release
+date: 2025-09-04
+---
+
+import { RuleID } from "~/components";
+
+**This week's update**
+
+This week, new critical vulnerabilities were disclosed in Sitecore’s Sitecore Experience Manager (XM), Sitecore Experience Platform (XP), specifically versions 9.0 through 9.3, and 10.0 through 10.4.
+These flaws are caused by unsafe data deserialization and code reflection, leaving affected systems at high risk of exploitation.
+
+**Key Findings**
+
+- CVE-2025-53691: Remote Code Execution through Insecure Deserialization
+
+- CVE-2025-53693: HTML Cache Poisoning through Unsafe Reflections
+
+**Impact**
+
+Exploitation could allow attackers to execute arbitrary code remotely on the affected system and conduct cache poisoning attacks, potentially leading to further compromise. Applying the latest vendor-released solution without delay is strongly recommended.
+
+<table style="width: 100%">
+  <thead>
+    <tr>
+      <th>Ruleset</th>
+      <th>Rule ID</th>
+      <th>Legacy Rule ID</th>
+      <th>Description</th>
+      <th>Previous Action</th>
+      <th>New Action</th>
+      <th>Comments</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="588edc74df1f4609b3c2f7ef0ee2c15e" />
+      </td>
+      <td>100878</td>
+      <td>Sitecore - Remote Code Execution - CVE:CVE-2025-53691</td>
+      <td>N/A</td>
+      <td>Block</td>
+      <td>This is a new detection</td>
+    </tr>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="d1bd7563e6254db48ce703807c5b669c" />
+      </td>
+      <td>100631</td>
+      <td>Sitecore - Cache Poisoning - CVE:CVE-2025-53693</td>
+      <td>N/A</td>
+      <td>Block</td>
+      <td>This is a new detection</td>
+    </tr>
+  </tbody>
+</table>