|
| 1 | +--- |
| 2 | +title: "WAF Release - 2025-08-25" |
| 3 | +description: Cloudflare WAF managed rulesets 2025-08-25 release |
| 4 | +date: 2025-08-25 |
| 5 | +--- |
| 6 | + |
| 7 | +import { RuleID } from "~/components"; |
| 8 | + |
| 9 | +**This week's update** |
| 10 | + |
| 11 | +This week, critical vulnerabilities were disclosed that impact widely used open-source infrastructure, creating high-risk scenarios for code execution and operational disruption. |
| 12 | + |
| 13 | +**Key Findings** |
| 14 | + |
| 15 | +- Apache HTTP Server – Code Execution (CVE-2024-38474): A flaw in Apache HTTP Server allows attackers to achieve remote code execution, enabling full compromise of affected servers. This vulnerability threatens the confidentiality, integrity, and availability of critical web services. |
| 16 | + |
| 17 | +- Laravel (CVE-2024-55661): A security flaw in Laravel introduces the potential for remote code execution under specific conditions. Exploitation could provide attackers with unauthorized access to application logic and sensitive backend data. |
| 18 | + |
| 19 | +**Impact** |
| 20 | + |
| 21 | +These vulnerabilities pose severe risks to enterprise environments and open-source ecosystems. Remote code execution enables attackers to gain deep system access, steal data, disrupt services, and establish persistent footholds for broader intrusions. Given the widespread deployment of Apache HTTP Server and Laravel in production systems, timely patching and mitigation are critical. |
| 22 | + |
| 23 | +<table style="width: 100%"> |
| 24 | + <thead> |
| 25 | + <tr> |
| 26 | + <th>Ruleset</th> |
| 27 | + <th>Rule ID</th> |
| 28 | + <th>Legacy Rule ID</th> |
| 29 | + <th>Description</th> |
| 30 | + <th>Previous Action</th> |
| 31 | + <th>New Action</th> |
| 32 | + <th>Comments</th> |
| 33 | + </tr> |
| 34 | + </thead> |
| 35 | + <tbody> |
| 36 | + <tr> |
| 37 | + <td>Cloudflare Managed Ruleset</td> |
| 38 | + <td> |
| 39 | + <RuleID id="9b5c5e13d2ca4253a89769f2194f7b2d" /> |
| 40 | + </td> |
| 41 | + <td>100822</td> |
| 42 | + <td>WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058</td> |
| 43 | + <td>N/A</td> |
| 44 | + <td>Disabled</td> |
| 45 | + <td>This was released as 100822_BETA in old WAF and ...28050359 in new WAF</td> |
| 46 | + </tr> |
| 47 | + <tr> |
| 48 | + <td>Cloudflare Managed Ruleset</td> |
| 49 | + <td> |
| 50 | + <RuleID id="456b1e8f827b4ed89fb4a54b3bdcdbad" /> |
| 51 | + </td> |
| 52 | + <td>100831</td> |
| 53 | + <td>Apache HTTP Server - Code Execution - CVE:CVE-2024-38474</td> |
| 54 | + <td>Log</td> |
| 55 | + <td>Disabled</td> |
| 56 | + <td>This is a New Detection</td> |
| 57 | + </tr> |
| 58 | + <tr> |
| 59 | + <td>Cloudflare Managed Ruleset</td> |
| 60 | + <td> |
| 61 | + <RuleID id="7dcc01e1dd074e42a26c8ca002eaac5b" /> |
| 62 | + </td> |
| 63 | + <td>100846</td> |
| 64 | + <td>Laravel - Remote Code Execution - CVE:CVE-2024-55661</td> |
| 65 | + <td>Log</td> |
| 66 | + <td>Disabled</td> |
| 67 | + <td>This is a New Detection</td> |
| 68 | + </tr> |
| 69 | + </tbody> |
| 70 | +</table> |
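Review bot: The "Key Findings" list (file lines 15-17) covers only Apache HTTP Server (CVE-2024-38474) and Laravel (CVE-2024-55661), but the first table row (file lines 36-46) also ships rule 100822 for WPBookit (CVE-2025-6058), so the summary and the table disagree on what this release contains. Either add a WPBookit bullet or say in the prose that this row carries over the earlier 100822_BETA rule. In the same row, the Comments cell reads "...28050359 in new WAF"; a truncated rule ID cannot be searched, so give the full ID or reference it with the RuleID component as the Rule ID column does. All three rows show New Action as "Disabled" while the Impact paragraph says "timely patching and mitigation are critical"; a sentence explaining what "Disabled" means for readers who want these detections active would resolve the mismatch. Minor style point: in the frontmatter, `title` is quoted and `description` is not; pick one form.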