WAFMR Release July 28th - 2025

fb1337 · fb1337 · commit 6f64ffe4d62c · 2025-07-28T14:02:49.000-04:00
diff --git a/src/content/changelog/waf/2025-07-28-waf-release.mdx b/src/content/changelog/waf/2025-07-28-waf-release.mdx
@@ -0,0 +1,93 @@
+---
+title: "WAF Release - 2025-07-28"
+description: Cloudflare WAF managed rulesets 2025-07-28 release
+date: 2025-07-28
+---
+
+import { RuleID } from "~/components";
+
+This week’s update spotlights several vulnerabilities across Apache Tomcat, MongoDB,Fortinet FortiWeb . Several flaws related with a memory leak in Apache Tomcat can lead to a denial-of-service attack. Additionally, a code injection flaw in MongoDB's Mongoose library allows attackers to bypass security controls to access restricted data.
+
+
+**Key Findings**
+
+- Fortinet FortiWeb (CVE-2025-25257): An improper neutralization of special elements used in an SQL command vulnerability in Fortinet FortiWeb versions allows an unauthenticated attacker to execute unauthorized SQL code or commands.
+
+- Apache Tomcat (CVE-2025-31650): A improper Input Validation vulnerability in Apache Tomcat that could create memory leak when incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request.
+
+- MongoDB (CVE-2024-53900, CVE:CVE-2025-23061): Improperly use $where in match and a nested $where filter with a populate() match in Mongoose that leads to search injection.
+
+**Impact**
+
+These vulnerabilities target user-facing components, web application servers, and back-end databases. A SQL injection flaw in Fortinet FortiWeb can lead to data theft or system compromise. A separate issue in Apache Tomcat involves a memory leak from improper input validation, which could be exploited for a denial-of-service (DoS) attack. Finally, a vulnerability in MongoDB's Mongoose library allows attackers to bypass security filters and access unauthorized data through malicious search queries.
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="6ab3bd3b58fb4325ac2d3cc73461ec9e" />
+			</td>
+			<td>100804</td>
+			<td>BerriAI - SSRF - CVE:CVE-2024-6587</td>
+			<td>Log</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="2e6c4d02f42a4c3ca90649d50cb13e1d" />
+			</td>
+			<td>100812</td>
+			<td>Fortinet FortiWeb - Remote Code Execution - CVE:CVE-2025-25257</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="fd360d8fd9994e6bab6fb06067fae7f7" />
+			</td>
+			<td>100813</td>
+			<td>Apache Tomcat - DoS - CVE:CVE-2025-31650</td>
+			<td>Log</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="f9e01e28c5d6499cac66364b4b6a5bb1" />
+			</td>
+			<td>100815</td>
+			<td>MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="700d4fcc7b1f481a80cbeee5688f8e79" />
+			</td>
+			<td>100816</td>
+			<td>MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+	</tbody>
+</table>
diff --git a/src/content/changelog/waf/scheduled-waf-release.mdx b/src/content/changelog/waf/scheduled-waf-release.mdx
@@ -1,7 +1,7 @@
 ---
 title: WAF Release - Scheduled changes for 2025-07-28
-description: WAF managed ruleset changes scheduled for 2025-07-28
-date: 2025-07-21
+description: WAF managed ruleset changes scheduled for 2025-08-04
+date: 2025-07-28
 scheduled: true
 ---
 
@@ -20,64 +20,82 @@ import { RuleID } from "~/components";
 		</tr>
 	</thead>
 	<tbody>
-		<tr>
-	    <td>2025-07-21</td>
+	  <tr>
 	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
 	    <td>Log</td>
-	    <td>100804</td>
+	    <td>100535, 100535A</td>
 	    <td>
-	        <RuleID id="6ab3bd3b58fb4325ac2d3cc73461ec9e" />
+	        <RuleID id="8b8074e73b7d4aba92fc68f3622f0483" />
 	    </td>
-	    <td>BerriAI - SSRF - CVE:CVE-2024-6587</td>
+	    <td>Sitecore - Code Injection - CVE:CVE-2025-27218</td>
 	    <td>This is a New Detection</td>
-    </tr>
-		<tr>
-			<td>2025-07-21</td>
-			<td>2025-07-28</td>
-			<td>Log</td>
-			<td>100812</td>
-			<td>
-				<RuleID id="2e6c4d02f42a4c3ca90649d50cb13e1d" />
-			</td>
-			<td>Fortinet FortiWeb - Remote Code Execution - CVE:CVE-2025-25257</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-07-21</td>
-			<td>2025-07-28</td>
-			<td>Log</td>
-			<td>100813</td>
-			<td>
-				<RuleID id="fd360d8fd9994e6bab6fb06067fae7f7" />
-			</td>
-			<td>Apache Tomcat - DoS - CVE:CVE-2025-31650</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-07-21</td>
-			<td>2025-07-28</td>
-			<td>Log</td>
-			<td>100815</td>
-			<td>
-				<RuleID id="f9e01e28c5d6499cac66364b4b6a5bb1" />
-			</td>
-			<td>
-				MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061
-			</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-07-21</td>
-			<td>2025-07-28</td>
-			<td>Log</td>
-			<td>100816</td>
-			<td>
-				<RuleID id="700d4fcc7b1f481a80cbeee5688f8e79" />
-			</td>
-			<td>
-				MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061
-			</td>
-			<td>This is a New Detection</td>
-		</tr>
+	  </tr>
+  	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100543</td>
+	    <td>
+	        <RuleID id="f71ce87ea6e54eab999223df579cd3e0" />
+	    </td>
+	    <td>Grafana - Directory Traversal - CVE:CVE-2025-4123</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+  	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100545</td>
+	    <td>
+	        <RuleID id="bba3d37891a440fb8bc95b970cbd9abc" />
+	    </td>
+	    <td>Wordpress - Information Disclosure - CVE:CVE-2023-5561</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100820</td>
+	    <td>
+	        <RuleID id="28108d25f1cf470c8e7648938f634977" />
+	    </td>
+	    <td>CentOS WebPanel - Remote Code Execution - CVE:CVE-2025-48703</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100821</td>
+	    <td>
+	        <RuleID id="9d69c796a61444a3aca33dc282ae64c1" />
+	    </td>
+	    <td>LaRecipe - SSTI - CVE:CVE-2025-53833</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100822</td>
+	    <td>
+	        <RuleID id="9b5c5e13d2ca4253a89769f2194f7b2d" />
+	    </td>
+	    <td>Wordpress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100823</td>
+	    <td>
+	        <RuleID id="69d43d704b0641898141a4300bf1b661" />
+	    </td>
+	    <td>Wordpress:Theme:Motors - Privilege Escalation - CVE:CVE-2025-4322</td>
+	    <td>This is a New Detection</td>
+	  </tr>
 	</tbody>
 </table>
