diff --git a/src/content/docs/waf/change-log/2025-06-16.mdx b/src/content/docs/waf/change-log/2025-06-16.mdx
new file mode 100644
index 000000000000000..48ce283ce65224e
--- /dev/null
+++ b/src/content/docs/waf/change-log/2025-06-16.mdx
@@ -0,0 +1,131 @@
+---
+title: "2025-06-16"
+type: table
+pcx_content_type: release-notes
+sidebar:
+  order: 785
+tableOfContents: false
+---
+
+import { RuleID } from "~/components";
+
+This week’s roundup highlights multiple critical vulnerabilities across popular web frameworks, plugins, and enterprise platforms. The focus lies on remote code execution (RCE), server-side request forgery (SSRF), and insecure file upload vectors that enable full system compromise or data exfiltration.
+
+**Key Findings**
+
+- Cisco IOS XE (CVE-2025-20188): Critical RCE vulnerability enabling unauthenticated attackers to execute arbitrary commands on network infrastructure devices, risking total router compromise.
+- Axios (CVE-2024-39338): SSRF flaw impacting server-side request control, allowing attackers to manipulate internal service requests when misconfigured with unsanitized user input.
+- vBulletin (CVE-2025-48827, CVE-2025-48828): Two high-impact RCE flaws enabling attackers to remotely execute PHP code, compromising forum installations and underlying web servers.
+- Invision Community (CVE-2025-47916): A critical RCE vulnerability allowing authenticated attackers to run arbitrary code in community platforms, threatening data and lateral movement risk.
+- CrushFTP (CVE-2025-32102, CVE-2025-32103): SSRF vulnerabilities in upload endpoint processing permit attackers to pivot internal network scans and abuse internal services.
+- Roundcube (CVE-2025-49113): RCE via email processing enables attackers to execute code upon viewing a crafted email — particularly dangerous for webmail deployments.
+- WooCommerce WordPress Plugin (CVE-2025-47577): Dangerous file upload vulnerability permits unauthenticated users to upload executable payloads, leading to full WordPress site takeover.
+- Cross-Site Scripting (XSS) Detection Improvements: Enhanced detection patterns.
+
+**Impact**
+
+These vulnerabilities span core systems — from routers to e-commerce to email. RCE in Cisco IOS XE, Roundcube, and vBulletin poses full system compromise. SSRF in Axios and CrushFTP supports internal pivoting, while WooCommerce’s file upload bug opens doors to mass WordPress exploitation.
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="233bcf0ce50f400989a7e44a35fefd53" />
+			</td>
+			<td>100783</td>
+			<td>Cisco IOS XE - Remote Code Execution - CVE:CVE-2025-20188</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="9284e3b1586341acb4591bfd8332af5d" />
+			</td>
+			<td>100784</td>
+			<td>Axios - SSRF - CVE:CVE-2024-39338</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="2672b175a25548aa8e0107b12e1648d2" />
+			</td>
+			<td>100785</td>
+			<td>vBulletin - Remote Code Execution - CVE:CVE-2025-48827, CVE:CVE-2025-48828</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="b77a19fb053744b49eacdab00edcf1ef" />
+			</td>
+			<td>100786</td>
+			<td>Invision Community - Remote Code Execution - CVE:CVE-2025-47916</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="aec2274743064523a9667248d6f5eb48" />
+			</td>
+			<td>100791</td>
+			<td>CrushFTP - SSRF - CVE:CVE-2025-32102, CVE:CVE-2025-32103</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="7b80e1f5575d4d99bb7d56ae30baa18a" />
+			</td>
+			<td>100792</td>
+			<td>Roundcube - Remote Code Execution - CVE:CVE-2025-49113</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="52d76f9394494b0382c7cb00229ba236" />
+			</td>
+			<td>100793</td>
+			<td>XSS - Ontoggle</td>
+			<td>Log</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="d38e657bd43f4d809c28157dfa338296" />
+			</td>
+			<td>100794</td>
+			<td>WordPress WooCommerce Plugin - Dangerous File Upload - CVE:CVE-2025-47577</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+	</tbody>
+</table>
\ No newline at end of file
diff --git a/src/content/docs/waf/change-log/scheduled-changes.mdx b/src/content/docs/waf/change-log/scheduled-changes.mdx
index bfe80433fe7e0d2..ddd57c942fbb69b 100644
--- a/src/content/docs/waf/change-log/scheduled-changes.mdx
+++ b/src/content/docs/waf/change-log/scheduled-changes.mdx
@@ -25,92 +25,15 @@ import { RSSButton, RuleID } from "~/components";
   </thead>
   <tbody>
     <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100783</td>
+      <td>N/A</td>
+      <td>N/A</td>
+      <td>N/A</td>
+      <td>N/A</td>
       <td>
-        <RuleID id="233bcf0ce50f400989a7e44a35fefd53" />
+        N/A
       </td>
-      <td>Cisco IOS XE - Remote Code Execution - CVE:CVE-2025-20188</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100784</td>
-      <td>
-        <RuleID id="9284e3b1586341acb4591bfd8332af5d" />
-      </td>
-      <td>Axios - SSRF - CVE:CVE-2024-39338</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100785</td>
-      <td>
-        <RuleID id="2672b175a25548aa8e0107b12e1648d2" />
-      </td>
-      <td>vBulletin - Remote Code Execution - CVE:CVE-2025-48827, CVE:CVE-2025-48828</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100786</td>
-      <td>
-        <RuleID id="b77a19fb053744b49eacdab00edcf1ef" />
-      </td>
-      <td>Invision Community - Remote Code Execution - CVE:CVE-2025-47916</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100791</td>
-      <td>
-        <RuleID id="aec2274743064523a9667248d6f5eb48" />
-      </td>
-      <td>CrushFTP - SSRF - CVE:CVE-2025-32102, CVE:CVE-2025-32103</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100792</td>
-      <td>
-        <RuleID id="7b80e1f5575d4d99bb7d56ae30baa18a" />
-      </td>
-      <td>Roundcube - Remote Code Execution - CVE:CVE-2025-49113</td>
-      <td>This is a New Detection</td>
-    </tr>
-   <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100793</td>
-      <td>
-        <RuleID id="52d76f9394494b0382c7cb00229ba236" />
-      </td>
-      <td>XSS - Ontoggle</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100794</td>
-      <td>
-        <RuleID id="d38e657bd43f4d809c28157dfa338296" />
-      </td>
-      <td>WordPress WooCommerce Plugin - Dangerous File Upload - CVE:CVE-2025-47577</td>
-      <td>This is a New Detection</td>
+      <td>N/A</td>
+      <td>N/A</td>
     </tr>
   </tbody>
 </table>
\ No newline at end of file
diff --git a/src/content/release-notes/waf.yaml b/src/content/release-notes/waf.yaml
index 3e59efdcffdce16..31cb8b5f3aa640a 100644
--- a/src/content/release-notes/waf.yaml
+++ b/src/content/release-notes/waf.yaml
@@ -10,6 +10,9 @@ entries:
     individual_page: true
     scheduled: true
     link: "/waf/change-log/scheduled-changes/"
+  - publish_date: "2025-06-16"
+    individual_page: true
+    link: "/waf/change-log/2025-06-16/"
   - publish_date: "2025-06-09"
     individual_page: true
     link: "/waf/change-log/2025-06-09/"

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Managed Ruleset	+ +	100783	Cisco IOS XE - Remote Code Execution - CVE:CVE-2025-20188	Log	Block	This is a New Detection
Cloudflare Managed Ruleset	+ +	100784	Axios - SSRF - CVE:CVE-2024-39338	Log	Block	This is a New Detection
Cloudflare Managed Ruleset	+ +	100785	vBulletin - Remote Code Execution - CVE:CVE-2025-48827, CVE:CVE-2025-48828	Log	Block	This is a New Detection
Cloudflare Managed Ruleset	+ +	100786	Invision Community - Remote Code Execution - CVE:CVE-2025-47916	Log	Block	This is a New Detection
Cloudflare Managed Ruleset	+ +	100791	CrushFTP - SSRF - CVE:CVE-2025-32102, CVE:CVE-2025-32103	Log	Block	This is a New Detection
Cloudflare Managed Ruleset	+ +	100792	Roundcube - Remote Code Execution - CVE:CVE-2025-49113	Log	Block	This is a New Detection
Cloudflare Managed Ruleset	+ +	100793	XSS - Ontoggle	Log	Disabled	This is a New Detection
Cloudflare Managed Ruleset	+ +	100794	WordPress WooCommerce Plugin - Dangerous File Upload - CVE:CVE-2025-47577	Log	Block	This is a New Detection