Skip to content

release June 02-2025 #22834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jun 3, 2025
Merged

release June 02-2025 #22834

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
72e5aa4
release June 02-2025
fb1337 Jun 2, 2025
865b032
Update capitalization
pedrosousa Jun 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
117 changes: 117 additions & 0 deletions src/content/docs/waf/change-log/2025-06-02.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,117 @@
---
title: "2025-06-02"
type: table
pcx_content_type: release-notes
sidebar:
order: 787
tableOfContents: false
---

import { RuleID } from "~/components";

This week’s roundup highlights five high-risk vulnerabilities affecting SD-WAN, load balancers, and AI platforms. Several flaws enable unauthenticated remote code execution or authentication bypass.

**Key Findings**

- Versa Concerto SD-WAN (CVE-2025-34026, CVE-2025-34027): Authentication bypass vulnerabilities allow attackers to gain unauthorized access to SD-WAN management interfaces, compromising network segmentation and control.
- Kemp LoadMaster (CVE-2024-7591): Remote Code Execution vulnerability enables attackers to execute arbitrary commands, potentially leading to full device compromise within enterprise load balancing environments.
- AnythingLLM (CVE-2024-0759): Server-Side Request Forgery (SSRF) flaw allows external attackers to force the LLM backend to make unauthorized internal network requests, potentially exposing sensitive internal resources.
- Anyscale Ray (CVE-2023-48022): Remote Code Execution vulnerability affecting distributed AI workloads, allowing attackers to execute arbitrary code on Ray cluster nodes.
- Server-Side Request Forgery (SSRF) - Generic & Obfuscated Payloads: Ongoing advancements in SSRF payload techniques observed, including obfuscation and expanded targeting of cloud metadata services and internal IP ranges.

**Impact**

These vulnerabilities expose critical infrastructure across networking, AI platforms, and SaaS integrations. Unauthenticated RCE and auth bypass flaws in Versa Concerto, Kemp LoadMaster, and Anyscale Ray allow full system compromise. AnythingLLM and SSRF payload variants expand attack surfaces into internal cloud resources, sensitive APIs, and metadata services, increasing risk of privilege escalation, data theft, and persistent access.

<table style="width: 100%">
<thead>
<tr>
<th>Ruleset</th>
<th>Rule ID</th>
<th>Legacy Rule ID</th>
<th>Description</th>
<th>Previous Action</th>
<th>New Action</th>
<th>Comments</th>
</tr>
</thead>
<tbody>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>
<RuleID id="752cfb5e6f9c46f0953c742139b52f02" />
</td>
<td>100764</td>
<td>Versa Concerto SD-WAN - Auth Bypass - CVE:CVE-2025-34027</td>
<td>Log</td>
<td>Block</td>
<td>This is a New Detection</td>
</tr>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>
<RuleID id="a01171de18034901b48a5549a34edb97" />
</td>
<td>100765</td>
<td>Versa Concerto SD-WAN - Auth Bypass - CVE:CVE-2025-34026</td>
<td>Log</td>
<td>Block</td>
<td>This is a New Detection</td>
</tr>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>
<RuleID id="840b35492a7543c18ffe50fc0d99b2db" />
</td>
<td>100766</td>
<td>Kemp LoadMaster - Remote Code Execution - CVE:CVE-2024-7591</td>
<td>Log</td>
<td>Block</td>
<td>This is a New Detection</td>
</tr>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>
<RuleID id="121b7070de3a459dbe80d7ed95aa3a4f" />
</td>
<td>100767</td>
<td>AnythingLLM - SSRF - CVE:CVE-2024-0759</td>
<td>Log</td>
<td>Block</td>
<td>This is a New Detection</td>
</tr>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>
<RuleID id="215417f989e2485a9c50eca0840a0966" />
</td>
<td>100768</td>
<td>Anyscale Ray - Remote Code Execution - CVE:CVE-2023-48022</td>
<td>Log</td>
<td>Block</td>
<td>This is a New Detection</td>
</tr>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>
<RuleID id="3ed619a17d4141bda3a8c3869d16ee18" />
</td>
<td>100781</td>
<td>SSRF - Generic Payloads</td>
<td>N/A</td>
<td>Disabled</td>
<td>This is a New Detection</td>
</tr>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>
<RuleID id="7ce73f6a70be49f8944737465c963d9d" />
</td>
<td>100782</td>
<td>SSRF - Obfuscated Payloads</td>
<td>N/A</td>
<td>Disabled</td>
<td>This is a New Detection</td>
</tr>
</tbody>
</table>
43 changes: 16 additions & 27 deletions src/content/docs/waf/change-log/scheduled-changes.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,58 +25,47 @@ import { RSSButton, RuleID } from "~/components";
</thead>
<tbody>
<tr>
<td>2025-05-27</td>
<td>2025-06-02</td>
<td>2025-06-09</td>
<td>Log</td>
<td>100764</td>
<td>100769</td>
<td>
<RuleID id="752cfb5e6f9c46f0953c742139b52f02" />
<RuleID id="4afd50a3ef1948bba87c4e620debd86e" />
</td>
<td>Versa Concerto SD-WAN - Auth Bypass - CVE:CVE-2025-34027</td>
<td>Wordpress OttoKit Plugin - Privilege Escalation - CVE:CVE-2025-27007</td>
<td>This is a New Detection</td>
</tr>
<tr>
<td>2025-05-27</td>
<td>2025-06-02</td>
<td>2025-06-09</td>
<td>Log</td>
<td>100765</td>
<td>100770</td>
<td>
<RuleID id="a01171de18034901b48a5549a34edb97" />
<RuleID id="24134c41c3e940daa973b4b95f57b448" />
</td>
<td>Versa Concerto SD-WAN - Auth Bypass - CVE:CVE-2025-34026</td>
<td>SAP NetWeaver - Remote Code Execution - CVE:CVE-2025-42999</td>
<td>This is a New Detection</td>
</tr>
<tr>
<td>2025-05-27</td>
<td>2025-06-02</td>
<td>2025-06-09</td>
<td>Log</td>
<td>100766</td>
<td>100779</td>
<td>
<RuleID id="840b35492a7543c18ffe50fc0d99b2db" />
<RuleID id="4f219ac0be3545a5be5f0bf34df8857a" />
</td>
<td>Kemp LoadMaster - Remote Code Execution - CVE:CVE-2024-7591</td>
<td>Fortinet FortiVoice - Buffer Error - CVE:CVE-2025-32756</td>
<td>This is a New Detection</td>
</tr>
<tr>
<td>2025-05-27</td>
<td>2025-06-02</td>
<td>2025-06-09</td>
<td>Log</td>
<td>100767</td>
<td>100780</td>
<td>
<RuleID id="121b7070de3a459dbe80d7ed95aa3a4f" />
<RuleID id="bc8dfbe8cbac4c039725ec743b840107" />
</td>
<td>AnythingLLM - SSRF - CVE:CVE-2024-0759</td>
<td>This is a New Detection</td>
</tr>
<tr>
<td>2025-05-27</td>
<td>2025-06-02</td>
<td>Log</td>
<td>100768</td>
<td>
<RuleID id="215417f989e2485a9c50eca0840a0966" />
</td>
<td>Anyscale Ray - Remote Code Execution - CVE:CVE-2023-48022</td>
<td>Camaleon CMS - Remote Code Execution - CVE:CVE-2024-46986</td>
<td>This is a New Detection</td>
</tr>
</tbody>
Expand Down
7 changes: 5 additions & 2 deletions src/content/release-notes/waf.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,14 @@ productLink: "/waf/"
productArea: Application security
productAreaLink: /fundamentals/reference/changelog/security/
entries:
- publish_date: "2025-05-27"
scheduled_date: "2025-06-02"
- publish_date: "2025-06-02"
scheduled_date: "2025-06-09"
individual_page: true
scheduled: true
link: "/waf/change-log/scheduled-changes/"
- publish_date: "2025-06-02"
individual_page: true
link: "/waf/change-log/2025-06-02/"
- publish_date: "2025-05-27"
individual_page: true
link: "/waf/change-log/2025-05-27/"
Expand Down
Loading