diff --git a/src/content/docs/waf/change-log/2025-05-19.mdx b/src/content/docs/waf/change-log/2025-05-19.mdx
new file mode 100644
index 000000000000000..7f902a9a8e04561
--- /dev/null
+++ b/src/content/docs/waf/change-log/2025-05-19.mdx
@@ -0,0 +1,86 @@ +--- +title: "2025-05-19" +type: table +pcx_content_type: release-notes +sidebar: + order: 789 +tableOfContents: false +--- + +import { RuleID } from "~/components"; + +This week's analysis covers four vulnerabilities, with three rated critical due to their Remote Code Execution (RCE) potential. One targets a high-traffic frontend platform, while another targets a popular content management system. These detections are now part of the Cloudflare Managed Ruleset in _Block_ mode. + +**Key Findings** + +- Commvault Command Center (CVE-2025-34028) exposes an unauthenticated RCE via insecure command injection paths in the web UI. This is critical due to its use in enterprise backup environments. +- BentoML (CVE-2025-27520) reveals an exploitable vector where serialized payloads in model deployment APIs can lead to arbitrary command execution. This targets modern AI/ML infrastructure. +- Craft CMS (CVE-2024-56145) allows RCE through template injection in unauthenticated endpoints. It poses a significant risk for content-heavy websites with plugin extensions. +- Apache HTTP Server (CVE-2024-38475) discloses sensitive server config data due to misconfigured +`mod_proxy` behavior. While not RCE, this is useful for pre-attack recon. + +**Impact** + +These newly detected vulnerabilities introduce critical risk across modern web stacks, AI infrastructure, and content platforms: unauthenticated RCEs in Commvault, BentoML, and Craft CMS enable full system compromise with minimal attacker effort. + +Apache HTTPD information leak can support targeted reconnaissance, increasing the success rate of follow-up exploits. Organizations using these platforms should prioritize patching and monitor for indicators of exploitation using updated WAF detection rules. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset + + 100745Apache HTTP Server - Information Disclosure - CVE:CVE-2024-38475LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100747Commvault Command Center - Remote Code Execution - CVE:CVE-2025-34028LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100749BentoML - Remote Code Execution - CVE:CVE-2025-27520LogDisabledThis is a New Detection
Cloudflare Managed Ruleset + + 100753Craft CMS - Remote Code Execution - CVE:CVE-2024-56145LogBlockThis is a New Detection
diff --git a/src/content/docs/waf/change-log/scheduled-changes.mdx b/src/content/docs/waf/change-log/scheduled-changes.mdx index 4622076409fb999..7a26c859752ef30 100644 --- a/src/content/docs/waf/change-log/scheduled-changes.mdx +++ b/src/content/docs/waf/change-log/scheduled-changes.mdx @@ -25,58 +25,102 @@ import { RSSButton, RuleID } from "~/components"; - 2025-05-13 2025-05-19 + 2025-05-26 Log - 100745 + 100746 + + + + Vercel - Information Disclosure + This is a New Detection + + + 2025-05-19 + 2025-05-26 + Log + 100754 - + - Apache HTTP Server - Information Disclosure - CVE:CVE-2024-38475 + AJ-Report - Remote Code Execution - CVE:CVE-2024-15077 This is a New Detection - 2025-05-13 2025-05-19 + 2025-05-26 Log - 100746 + 100756 - + - Vercel - Information Disclosure + NAKIVO Backup - Remote Code Execution - CVE:CVE-2024-48248 This is a New Detection - 2025-05-13 2025-05-19 + 2025-05-26 Log - 100747 + 100757 - + - Commvault Command Center - Remote Code Execution - CVE:CVE-2025-34028 + Ingress-Nginx - Remote Code Execution - CVE:CVE-2025-1098 This is a New Detection - 2025-05-13 2025-05-19 + 2025-05-26 Log - 100749 + 100759 - + - BentoML - Remote Code Execution - CVE:CVE-2025-27520 + SAP NetWeaver - Dangerous File Upload - CVE:CVE-2025-31324 This is a New Detection - 2025-05-13 2025-05-19 + 2025-05-26 Log - 100753 + 100760 - + - Craft CMS - Remote Code Execution - CVE:CVE-2024-56145 + Craft CMS - Remote Code Execution - CVE:CVE-2025-32432 + This is a New Detection + + + 2025-05-19 + 2025-05-26 + Log + 100761 + + + + GitHub Action - Remote Code Execution - CVE:CVE-2025-30066 + This is a New Detection + + + 2025-05-19 + 2025-05-26 + Log + 100762 + + + + Ivanti EPMM - Auth Bypass - CVE:CVE-2025-4428, CVE:CVE-2025-4427 + This is a New Detection + + + 2025-05-19 + 2025-05-26 + Log + 100763 + + + + F5 Big IP - Remote Code Execution - CVE:CVE-2025-31644 This is a New Detection 
diff --git a/src/content/release-notes/waf.yaml b/src/content/release-notes/waf.yaml
index 9c06aa8bf8ea9e8..2cd21e0665f61dd 100644
--- a/src/content/release-notes/waf.yaml
+++ b/src/content/release-notes/waf.yaml
@@ -5,11 +5,14 @@ productLink: "/waf/"
 productArea: Application security
 productAreaLink: /fundamentals/reference/changelog/security/
 entries:
- - publish_date: "2025-05-13"
- scheduled_date: "2025-05-19"
+ - publish_date: "2025-05-19"
+ scheduled_date: "2025-05-26"
 individual_page: true
 scheduled: true
 link: "/waf/change-log/scheduled-changes/"
+ - publish_date: "2025-05-19"
+ individual_page: true
+ link: "/waf/change-log/2025-05-19/"
 - publish_date: "2025-05-05"
 individual_page: true
 link: "/waf/change-log/2025-05-05/"