cloudflare · pedrosousa · Jun 17, 2025 · Jun 16, 2025 · Jun 17, 2025
@@ -0,0 +1,131 @@
+---
+title: "2025-06-16"
+type: table
+pcx_content_type: release-notes
+sidebar:
+  order: 785
+tableOfContents: false
+---
+
+import { RuleID } from "~/components";
+
+This week’s roundup highlights multiple critical vulnerabilities across popular web frameworks, plugins, and enterprise platforms. The focus lies on remote code execution (RCE), server-side request forgery (SSRF), and insecure file upload vectors that enable full system compromise or data exfiltration.
+
+**Key Findings**
+
+- Cisco IOS XE (CVE-2025-20188): Critical RCE vulnerability enabling unauthenticated attackers to execute arbitrary commands on network infrastructure devices, risking total router compromise.
+- Axios (CVE-2024-39338): SSRF flaw impacting server-side request control, allowing attackers to manipulate internal service requests when misconfigured with unsanitized user input.
+- vBulletin (CVE-2025-48827, CVE-2025-48828): Two high-impact RCE flaws enabling attackers to remotely execute PHP code, compromising forum installations and underlying web servers.
+- Invision Community (CVE-2025-47916): A critical RCE vulnerability allowing authenticated attackers to run arbitrary code in community platforms, threatening data and lateral movement risk.
+- CrushFTP (CVE-2025-32102, CVE-2025-32103): SSRF vulnerabilities in upload endpoint processing permit attackers to pivot internal network scans and abuse internal services.
+- Roundcube (CVE-2025-49113): RCE via email processing enables attackers to execute code upon viewing a crafted email—particularly dangerous for webmail deployments.
+- WooCommerce WordPress Plugin (CVE-2025-47577): Dangerous file upload vulnerability permits unauthenticated users to upload executable payloads, leading to full WordPress site takeover.
+- Cross-Site Scripting (XSS) Detection Improvements: Enhanced detection patterns.
+
+**Impact**
+
+These vulnerabilities span core systems — from routers to e-commerce to email. RCE in Cisco IOS XE, Roundcube, and vBulletin poses full system compromise. SSRF in Axios and CrushFTP supports internal pivoting, while WooCommerce’s file upload bug opens doors to mass WordPress exploitation.
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="233bcf0ce50f400989a7e44a35fefd53" />
+			</td>
+			<td>100783</td>
+			<td>Cisco IOS XE - Remote Code Execution - CVE:CVE-2025-20188</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="9284e3b1586341acb4591bfd8332af5d" />
+			</td>
+			<td>100784</td>
+			<td>Axios - SSRF - CVE:CVE-2024-39338</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="2672b175a25548aa8e0107b12e1648d2" />
+			</td>
+			<td>100785</td>
+			<td>vBulletin - Remote Code Execution - CVE:CVE-2025-48827, CVE:CVE-2025-48828</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="b77a19fb053744b49eacdab00edcf1ef" />
+			</td>
+			<td>100786</td>
+			<td>Invision Community - Remote Code Execution - CVE:CVE-2025-47916</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="aec2274743064523a9667248d6f5eb48" />
+			</td>
+			<td>100791</td>
+			<td>CrushFTP - SSRF - CVE:CVE-2025-32102, CVE:CVE-2025-32103</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="7b80e1f5575d4d99bb7d56ae30baa18a" />
+			</td>
+			<td>100792</td>
+			<td>Roundcube - Remote Code Execution - CVE:CVE-2025-49113</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="52d76f9394494b0382c7cb00229ba236" />
+			</td>
+			<td>100793</td>
+			<td>XSS - Ontoggle</td>
+			<td>Log</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="d38e657bd43f4d809c28157dfa338296" />
+			</td>
+			<td>100794</td>
+			<td>WordPress WooCommerce Plugin - Dangerous File Upload - CVE:CVE-2025-47577</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+	</tbody>
+</table>
@@ -25,92 +25,15 @@ import { RSSButton, RuleID } from "~/components";
   </thead>
   <tbody>
     <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100783</td>
+      <td></td>
+      <td></td>
+      <td></td>
+      <td></td>
       <td>
-        <RuleID id="233bcf0ce50f400989a7e44a35fefd53" />
+        <RuleID id="" />
       </td>
-      <td>Cisco IOS XE - Remote Code Execution - CVE:CVE-2025-20188</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100784</td>
-      <td>
-        <RuleID id="9284e3b1586341acb4591bfd8332af5d" />
-      </td>
-      <td>Axios - SSRF - CVE:CVE-2024-39338</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100785</td>
-      <td>
-        <RuleID id="2672b175a25548aa8e0107b12e1648d2" />
-      </td>
-      <td>vBulletin - Remote Code Execution - CVE:CVE-2025-48827, CVE:CVE-2025-48828</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100786</td>
-      <td>
-        <RuleID id="b77a19fb053744b49eacdab00edcf1ef" />
-      </td>
-      <td>Invision Community - Remote Code Execution - CVE:CVE-2025-47916</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100791</td>
-      <td>
-        <RuleID id="aec2274743064523a9667248d6f5eb48" />
-      </td>
-      <td>CrushFTP - SSRF - CVE:CVE-2025-32102, CVE:CVE-2025-32103</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100792</td>
-      <td>
-        <RuleID id="7b80e1f5575d4d99bb7d56ae30baa18a" />
-      </td>
-      <td>Roundcube - Remote Code Execution - CVE:CVE-2025-49113</td>
-      <td>This is a New Detection</td>
-    </tr>
-   <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100793</td>
-      <td>
-        <RuleID id="52d76f9394494b0382c7cb00229ba236" />
-      </td>
-      <td>XSS - Ontoggle</td>
-      <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-06-09</td>
-      <td>2025-06-16</td>
-      <td>Log</td>
-      <td>100794</td>
-      <td>
-        <RuleID id="d38e657bd43f4d809c28157dfa338296" />
-      </td>
-      <td>WordPress WooCommerce Plugin - Dangerous File Upload - CVE:CVE-2025-47577</td>
-      <td>This is a New Detection</td>
+      <td></td>
+      <td></td>
     </tr>
   </tbody>
 </table>
@@ -5,11 +5,14 @@ productLink: "/waf/"
 productArea: Application security
 productAreaLink: /fundamentals/reference/changelog/security/
 entries:
-  - publish_date: "2025-06-09"
-    scheduled_date: "2025-06-16"
+  - publish_date: "2025-06-16"
+    scheduled_date: "2025-06-23"
     individual_page: true
     scheduled: true
     link: "/waf/change-log/scheduled-changes/"
+  - publish_date: "2025-06-16"
+    individual_page: true
+    link: "/waf/change-log/2025-06-16/"
   - publish_date: "2025-06-09"
     individual_page: true
     link: "/waf/change-log/2025-06-09/"