cloudflare · vs-mg · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025
@@ -0,0 +1,71 @@
+---
+title: "2025-07-14"
+type: table
+pcx_content_type: release-notes
+sidebar:
+  order: 783
+tableOfContents: false
+---
+
+import { RuleID } from "~/components";
+
+This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambiguities. Attackers continue to refine techniques such as attribute overloading and obfuscated logic manipulation to evade detection and compromise front-end and back-end systems.
+
+**Key Findings**
+
+- XSS – Attribute Overloading: A novel cross-site scripting technique where attackers abuse custom or non-standard HTML attributes to smuggle payloads into the DOM. These payloads evade traditional sanitization logic, especially in frameworks that loosely validate attributes or trust unknown tokens.
+- XSS – onToggle Event Abuse: Exploits the lesser-used onToggle event (triggered by elements like <details>) to execute arbitrary JavaScript when users interact with UI elements. This vector is often overlooked by static analyzers and can be embedded in seemingly benign components.
+- SQLi – Obfuscated Boolean Logic: An advanced SQL injection variant that uses non-standard Boolean expressions, comment-based obfuscation, or alternate encodings (e.g., /*!true*/, AND/**/1=1) to bypass basic input validation and WAF signatures. This technique is particularly dangerous in dynamic query construction contexts.
+
+**Impact**
+
+These vulnerabilities target both user-facing components and backend databases, introducing potential vectors for credential theft, session hijacking, or full data exfiltration. The XSS variants bypass conventional filters through overlooked HTML behaviors, while the obfuscated SQLi enables attackers to stealthily probe backend logic, making them especially difficult to detect and block
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="a8918353372b4191b10684eb2aa3d845" />
+			</td>
+			<td>100798</td>
+			<td>XSS - Attribute Overloading</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="31dd299ba375414dac9260c037548d06" />
+			</td>
+			<td>100799</td>
+			<td>XSS - OnToggle</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="7663ea44178441a0b3205c145563445f" />
+			</td>
+			<td>100800</td>
+			<td>SQLi - Obfuscated Boolean</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+	</tbody>
+</table>
@@ -25,36 +25,69 @@ import { RSSButton, RuleID } from "~/components";
   </thead>
   <tbody>
     <tr>
-      <td>2025-07-07</td>
 			<td>2025-07-14</td>
+			<td>2025-07-21</td>
 			<td>Log</td>
-			<td>100798</td>
+			<td>100804</td>
 			<td>
-				<RuleID id="a8918353372b4191b10684eb2aa3d845" />
+					<RuleID id="6ab3bd3b58fb4325ac2d3cc73461ec9e" />
 			</td>
-			<td>XSS - Attribute Overloading</td>
+			<td>BerriAI - SSRF - CVE:CVE-2024-6587</td>
 			<td>This is a New Detection</td>
+    </tr>
+ 		<tr>
+ 			<td>2025-07-14</td>
+ 			<td>2025-07-21</td>
+ 			<td>Log</td>
+ 			<td>100805</td>
+ 			<td>
+ 					<RuleID id="0e17d8761f1a47d5a744a75b5199b58a" />
+ 			</td>
+ 			<td>Wing FTP Server - Remote Code Execution - CVE:CVE-2025-47812</td>
+ 			<td>This is a New Detection</td>
     </tr>
     <tr>
-      <td>2025-07-07</td>
-      <td>2025-07-14</td>
+			<td>2025-07-14</td>
+			<td>2025-07-21</td>
+			<td>Log</td>
+			<td>100807</td>
+			<td>
+					<RuleID id="81ace5a851214a2f9c58a1e7919a91a4" />
+			</td>
+			<td>Infoblox NetMRI - Command Injection - CVE:CVE-2025-32813</td>
+			<td>This is a New Detection</td>
+    </tr>
+    <tr>
+			<td>2025-07-14</td>
+			<td>2025-07-21</td>
 			<td>Log</td>
-			<td>100799</td>
+			<td>100808</td>
 			<td>
-				<RuleID id="31dd299ba375414dac9260c037548d06" />
+					<RuleID id="cd8fa74e8f6f476c9380ae217899130f" />
 			</td>
-			<td>XSS - OnToggle</td>
+			<td>Citrix Netscaler ADC - Buffer Error - CVE:CVE-2025-5777</td>
 			<td>This is a New Detection</td>
     </tr>
     <tr>
-      <td>2025-07-07</td>
-      <td>2025-07-14</td>
+			<td>2025-07-14</td>
+			<td>2025-07-21</td>
+			<td>Log</td>
+			<td>100809</td>
+			<td>
+					<RuleID id="e012c7bece304a1daf80935ed1cf8e08" />
+			</td>
+			<td>Citrix Netscaler ADC - Information Disclosure - CVE:CVE-2023-4966</td>
+			<td>This is a New Detection</td>
+    </tr>
+    <tr>
+			<td>2025-07-14</td>
+			<td>2025-07-21</td>
 			<td>Log</td>
-			<td>100800</td>
+			<td>100810</td>
 			<td>
-				<RuleID id="7663ea44178441a0b3205c145563445f" />
+					<RuleID id="5d348a573a834ffd968faffc6e70469f" />
 			</td>
-			<td>SQLi - Obfuscated Boolean</td>
+			<td>Akamai CloudTest - XXE - CVE:CVE-2025-49493</td>
 			<td>This is a New Detection</td>
     </tr>
   </tbody>

@@ -5,11 +5,14 @@ productLink: "/waf/"
 productArea: Application security
 productAreaLink: /fundamentals/reference/changelog/security/
 entries:
-  - publish_date: "2025-07-07"
-    scheduled_date: "2025-07-14"
+  - publish_date: "2025-07-14"
+    scheduled_date: "2025-07-21"
     individual_page: true
     scheduled: true
     link: "/waf/change-log/scheduled-changes/"
+  - publish_date: "2025-07-14"
+    individual_page: true
+    link: "/waf/change-log/2025-07-14/"
   - publish_date: "2025-07-07"
     individual_page: true
     link: "/waf/change-log/2025-07-07/"