diff --git a/src/content/changelog/waf/2025-08-04-waf-release.mdx b/src/content/changelog/waf/2025-08-04-waf-release.mdx new file mode 100644 index 000000000000000..8e3faa919bfcfd4 --- /dev/null +++ b/src/content/changelog/waf/2025-08-04-waf-release.mdx @@ -0,0 +1,139 @@ +--- +title: "WAF Release - 2025-08-04" +description: Cloudflare WAF managed rulesets 2025-08-04 release +date: 2025-08-04 +--- + +import { RuleID } from "~/components"; + +This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-grade CMS to essential backend administration tools. The findings reveal multiple vectors for attack, including critical flaws that allow for full server compromise and others that enable targeted attacks against users. + +**Key Findings** + +- Sitecore (CVE-2025-34509, CVE-2025-34510, CVE-2025-34511): A hardcoded credential allows remote attackers to access administrative APIs. Once authenticated, they can exploit an additional vulnerability to upload arbitrary files, leading to remote code execution. + +- Grafana (CVE-2025-4123): A cross-site scripting (XSS) vulnerability allows an attacker to redirect users to a malicious website, which can then execute arbitrary JavaScript in the victim's browser. + +- LaRecipe (CVE-2025-53833): Through Server-Side Template Injection, attackers can execute arbitrary commands on the server, potentially access sensitive environment variables, and escalate access depending on server configuration. + +- CentOS WebPanel (CVE-2025-48703): A command injection vulnerability could allow a remote attacker to execute arbitrary commands on the server. + +- WordPress (CVE-2023-5561): This vulnerability allows unauthenticated attackers to determine the email addresses of users who have published public posts on an affected website. + +- WordPress Plugin - WPBookit (CVE-2025-6058): A missing file type validation allows unauthenticated attackers to upload arbitrary files to the server, creating the potential for remote code execution. + +- WordPress Theme - Motors (CVE-2025-4322): Due to improper identity validation, an unauthenticated attacker can change the passwords of arbitrary users, including administrators, to gain access to their accounts. + +**Impact** + +These vulnerabilities pose a multi-layered threat to widely adopted web technologies, ranging from enterprise-grade platforms like Sitecore to everyday solutions such as WordPress, and backend tools like CentOS WebPanel. The most severe risks originate in remote code execution (RCE) flaws found in Sitecore, CentOS WebPanel, LaRecipe, and the WPBookit plugin. These allow attackers to bypass security controls and gain deep access to the server, enabling them to steal sensitive data, deface websites, install persistent malware, or use the compromised server as a launchpad for further attacks. + +The privilege escalation vulnerability is the Motors theme, which allows for a complete administrative account takeover on WordPress sites. This effectively hands control of the application to an attacker, who can then manipulate content, exfiltrate user data, and alter site functionality without needing to breach the server itself. + +The Grafana cross-site scripting (XSS) flaw can be used to hijack authenticated user sessions or steal credentials, turning a trusted user's browser into an attack vector. + +Meanwhile, the information disclosure flaw in WordPress core provides attackers with valid user emails, fueling targeted phishing campaigns that aim to secure the same account access achievable through the other exploits. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset + + 100535ASitecore - Dangerous File Upload - CVE:CVE-2025-34510, CVE:CVE-2025-34511LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100535Sitecore - Information Disclosure - CVE:CVE-2025-34509LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100543Grafana - Directory Traversal - CVE:CVE-2025-4123LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100545WordPress - Information Disclosure - CVE:CVE-2023-5561LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100814CentOS WebPanel - Remote Code Execution - CVE:CVE-2025-48703LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100821LaRecipe - SSTI - CVE:CVE-2025-53833LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100822WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100823WordPress:Theme:Motors - Privilege Escalation - CVE:CVE-2025-4322LogBlockThis is a New Detection
\ No newline at end of file diff --git a/src/content/changelog/waf/scheduled-waf-release.mdx b/src/content/changelog/waf/scheduled-waf-release.mdx index 4ac9a04ae481d0f..706caa0a3304d90 100644 --- a/src/content/changelog/waf/scheduled-waf-release.mdx +++ b/src/content/changelog/waf/scheduled-waf-release.mdx @@ -1,112 +1,231 @@ --- -title: WAF Release - Scheduled changes for 2025-08-04 -description: WAF managed ruleset changes scheduled for 2025-08-04 -date: 2025-07-28 +title: WAF Release - Scheduled changes for 2025-08-11 +description: WAF managed ruleset changes scheduled for 2025-08-11 +date: 2025-08-04 scheduled: true --- import { RuleID } from "~/components"; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Announcement DateRelease DateRelease BehaviorLegacy Rule IDRule IDDescriptionComments
2025-07-282025-08-04Log100535A - - Sitecore - Dangerous File Upload - CVE:CVE-2025-34510, CVE:CVE-2025-34511This is a New Detection
2025-07-282025-08-04Log100535 - - Sitecore - Information Disclosure - CVE:CVE-2025-34509This is a New Detection
2025-07-282025-08-04Log100543 - - Grafana - Directory Traversal - CVE:CVE-2025-4123This is a New Detection
2025-07-282025-08-04Log100545 - - WordPress - Information Disclosure - CVE:CVE-2023-5561This is a New Detection
2025-07-282025-08-04Log100820 - - CentOS WebPanel - Remote Code Execution - CVE:CVE-2025-48703This is a New Detection
2025-07-282025-08-04Log100821 - - LaRecipe - SSTI - CVE:CVE-2025-53833This is a New Detection
2025-07-282025-08-04Log100822 - - WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058This is a New Detection
2025-07-282025-08-04Log100823 - - WordPress:Theme:Motors - Privilege Escalation - CVE:CVE-2025-4322This is a New Detection
+ + + Announcement Date + Release Date + Release Behavior + Legacy Rule ID + Rule ID + Description + Comments + + + + + 2025-08-04 + 2025-08-11 + Log + 100806 + + + + Wazuh Server - Remote Code Execution - CVE:CVE-2025-24016 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100824 + + + + CrushFTP - Remote Code Execution - CVE:CVE-2025-54309 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100824A + + + + CrushFTP - Remote Code Execution - CVE:CVE-2025-54309 - 2 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100825 + + + + AMI MegaRAC - Auth Bypass - CVE:CVE-2024-54085 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100826 + + + + Kentico Xperience CMS - Auth Bypass - CVE:CVE-2025-2747 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100827 + + + + Kentico Xperience CMS - XSS - CVE:CVE-2025-2748 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100820 + + + + Node.js - Directory Traversal - CVE:CVE-2025-27210 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100829 + + + + + WordPress:Plugin:Simple File List - Remote Code Execution - + CVE:CVE-2025-34085 + + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100829A + + + + + WordPress:Plugin:Simple File List - Remote Code Execution - + CVE:CVE-2025-34085 + + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100538 + + + + GeoServer - SSRF - CVE:CVE-2024-29198 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100548 + + + + Ivanti EPMM - Remote Code Execution - CVE:CVE-2025-6771 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100550 + + + + Microsoft SharePoint - Remote Code Execution - CVE:CVE-2024-38018 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100562 + + + + Manager-IO - SSRF - CVE:CVE-2025-54122 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100565 + + + + + Cisco Identity Services Engine - Remote Code Execution - + CVE:CVE-2025-20281 + + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100567 + + + + Ingress-Nginx - Remote Code Execution - CVE:CVE-2025-1974 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100569 + + + + PaperCut NG/MF - Remote Code Execution - CVE:CVE-2023-2533 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100571 + + + + SonicWall SMA - XSS - CVE:CVE-2025-40598 + This is a New Detection + + + 2025-08-04 + 2025-08-11 + Log + 100573 + + + + WordPress - Dangerous File Upload - CVE:CVE-2025-5394 + This is a New Detection + + + \ No newline at end of file