Release-Aug-04-2025- Releasing 8 detections and Announcing 18 detections #24161
Merged
Changes from 4 commits
6 commits
6356412
Release-Aug-04-2025- Releasing 8 detections and Announcing 18 detecti…
vs-mg 12b02f0
Release-Aug-04-2025- Fix the format
vs-mg 1b0b850
Release-Aug-04-2025- Fix the format
vs-mg 01cc9e2
Release-Aug-04-2025- Fix the format
vs-mg bf3c895
Apply suggestions from code review
Oxyjun f70b337
Apply suggestions from PCX review
pedrosousa
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,139 @@ | ||
| --- | ||
| title: "WAF Release - 2025-08-04" | ||
| description: Cloudflare WAF managed rulesets 2025-08-04 release | ||
| date: 2025-08-04 | ||
| --- | ||
|
|
||
| import { RuleID } from "~/components"; | ||
|
|
||
| This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-grade CMS to essential backend administration tools. The findings reveal multiple vectors for attack, including critical flaws that allow for full server compromise and others that enable targeted attacks against users. | ||
|
|
||
| **Key Findings** | ||
|
|
||
| - Sitecore (CVE-2025-34509, CVE-2025-34510, CVE-2025-34511): A hardcoded credential allows remote attackers to access administrative APIs. Once authenticated, they can exploit an additional vulnerability to upload arbitrary files, leading to remote code execution. | ||
|
|
||
| - Grafana (CVE-2025-4123): A cross-site scripting (XSS) vulnerability allows an attacker to redirect users to a malicious website, which can then execute arbitrary JavaScript in the victim's browser. | ||
|
|
||
| - LaRecipe (CVE-2025-53833): Through Server-Side Template Injection, attackers can execute arbitrary commands on the server, potentially access sensitive environment variables and escalate access depending on server configuration. | ||
|
|
||
| - CentOS WebPanel (CVE-2025-48703) A command injection vulnerability could allow a remote attacker to execute arbitrary commands on the server. | ||
Oxyjun marked this conversation as resolved.
|
||
|
|
||
| - WordPress (CVE-2023-5561):This vulnerability allows unauthenticated attackers Unauthenticated attackers to determine the email addresses of users who have published public posts on an affected website. | ||
Oxyjun marked this conversation as resolved.
|
||
|
|
||
| - WordPress Plugin - WPBookit (CVE-2025-6058): A nissing file type validation allows unauthenticated attackers to upload arbitrary files to the server, creating the potential for remote code execution. | ||
Oxyjun marked this conversation as resolved.
|
||
|
|
||
| - WordPress Theme - Motors (CVE-2025-4322): Due to improper identity validation, an unauthenticated attacker can change the passwords of arbitrary users, including administrators, to gain access to their accounts. | ||
|
|
||
| **Impact** | ||
|
|
||
| These vulnerabilities pose a multi-layered threat to widely adopted web technologies, ranging from enterprise-grade platforms like Sitecore to everyday solutions such as WordPress and backend tools like CentOS WebPanel. The most severe risks originate in remote code execution (RCE) flaws found in Sitecore, CentOS WebPanel, LaRecipe, and the WPBookit plugin. These allow attackers to bypass security controls and gain deep access to the server, enabling them to steal sensitive data, deface websites, install persistent malware, or use the compromised server as a launchpad for further attacks. | ||
Oxyjun marked this conversation as resolved.
|
||
|
|
||
| The privilege escalation vulnerability in the Motors theme, which allows for a complete administrative account takeover on WordPress sites. This effectively hands control of the application to an attacker, who can then manipulate content, exfiltrate user data, and alter site functionality without needing to breach the server itself. | ||
Oxyjun marked this conversation as resolved.
|
||
|
|
||
| The Grafana cross-site scripting (XSS) flaw can be used to hijack authenticated user sessions or steal credentials, turning a trusted user's browser into an attack vector. | ||
|
|
||
| Meanwhile, the information disclosure flaw in WordPress core provides attackers with valid user emails, fueling targeted phishing campaigns that aim to secure the same account access achievable through the other exploits. | ||
|
|
||
| <table style="width: 100%"> | ||
| <thead> | ||
| <tr> | ||
| <th>Ruleset</th> | ||
| <th>Rule ID</th> | ||
| <th>Legacy Rule ID</th> | ||
| <th>Description</th> | ||
| <th>Previous Action</th> | ||
| <th>New Action</th> | ||
| <th>Comments</th> | ||
| </tr> | ||
| </thead> | ||
| <tbody> | ||
| <tr> | ||
| <td>Cloudflare Managed Ruleset</td> | ||
| <td> | ||
| <RuleID id="b8ab4644f8044f3485441ee052f30a13" /> | ||
| </td> | ||
| <td>100535A</td> | ||
| <td>Sitecore - Dangerous File Upload - CVE:CVE-2025-34510, CVE:CVE-2025-34511</td> | ||
| <td>Log</td> | ||
| <td>Block</td> | ||
| <td>This is a New Detection</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Cloudflare Managed Ruleset</td> | ||
| <td> | ||
| <RuleID id="06d1fe0bd6e44d868e6b910b5045a97f" /> | ||
| </td> | ||
| <td>100535</td> | ||
| <td>Sitecore - Information Disclosure - CVE:CVE-2025-34509</td> | ||
| <td>Log</td> | ||
| <td>Block</td> | ||
| <td>This is a New Detection</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Cloudflare Managed Ruleset</td> | ||
| <td> | ||
| <RuleID id="f71ce87ea6e54eab999223df579cd3e0" /> | ||
| </td> | ||
| <td>100543</td> | ||
| <td>Grafana - Directory Traversal - CVE:CVE-2025-4123</td> | ||
| <td>Log</td> | ||
| <td>Block</td> | ||
| <td>This is a New Detection</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Cloudflare Managed Ruleset</td> | ||
| <td> | ||
| <RuleID id="bba3d37891a440fb8bc95b970cbd9abc" /> | ||
| </td> | ||
| <td>100545</td> | ||
| <td>WordPress - Information Disclosure - CVE:CVE-2023-5561</td> | ||
| <td>Log</td> | ||
| <td>Block</td> | ||
| <td>This is a New Detection</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Cloudflare Managed Ruleset</td> | ||
| <td> | ||
| <RuleID id="28108d25f1cf470c8e7648938f634977" /> | ||
| </td> | ||
| <td>100814</td> | ||
| <td>CentOS WebPanel - Remote Code Execution - CVE:CVE-2025-48703</td> | ||
| <td>Log</td> | ||
| <td>Block</td> | ||
| <td>This is a New Detection</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Cloudflare Managed Ruleset</td> | ||
| <td> | ||
| <RuleID id="9d69c796a61444a3aca33dc282ae64c1" /> | ||
| </td> | ||
| <td>100821</td> | ||
| <td>LaRecipe - SSTI - CVE:CVE-2025-53833</td> | ||
| <td>Log</td> | ||
| <td>Block</td> | ||
| <td>This is a New Detection</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Cloudflare Managed Ruleset</td> | ||
| <td> | ||
| <RuleID id="9b5c5e13d2ca4253a89769f2194f7b2d" /> | ||
| </td> | ||
| <td>100822</td> | ||
| <td>WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058</td> | ||
| <td>Log</td> | ||
| <td>Block</td> | ||
| <td>This is a New Detection</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Cloudflare Managed Ruleset</td> | ||
| <td> | ||
| <RuleID id="69d43d704b0641898141a4300bf1b661" /> | ||
| </td> | ||
| <td>100823</td> | ||
| <td>WordPress:Theme:Motors - Privilege Escalation - CVE:CVE-2025-4322</td> | ||
| <td>Log</td> | ||
| <td>Block</td> | ||
| <td>This is a New Detection</td> | ||
| </tr> | ||
| </tbody> | ||
| </table> | ||
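Review bot: Three Key Findings bullets carry copy defects that should be fixed before this publishes: the WordPress (CVE-2023-5561) bullet repeats its subject ("allows unauthenticated attackers Unauthenticated attackers to determine") and has no space after the colon, the WPBookit bullet reads "A nissing file type validation", and the CentOS WebPanel bullet lacks the colon after "(CVE-2025-48703)". In the Impact section, the paragraph beginning "The privilege escalation vulnerability in the Motors theme, which allows for a complete administrative account takeover" is a sentence fragment; dropping "which" makes it a complete sentence. The table descriptions also disagree with the bullets in two places: the Grafana row for CVE-2025-4123 is labelled "Directory Traversal" while the bullet describes cross-site scripting, and the Sitecore row for CVE-2025-34509 is labelled "Information Disclosure" while the bullet describes a hardcoded credential. Either align the wording or add a sentence to the bullets explaining how the rule name relates to the vulnerability class, so readers matching a rule ID to a CVE are not left guessing which behaviour the rule blocks.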