From 3178142df7a488c3f438af7f08578823ef7cd8ec Mon Sep 17 00:00:00 2001 From: fb1337 Date: Mon, 1 Sep 2025 11:07:10 -0400 Subject: [PATCH 1/2] Release-1st-Sep-2025 --- .../changelog/waf/2025-09-01-waf-release.mdx | 58 ++++++++++ .../changelog/waf/scheduled-waf-release.mdx | 102 ++++++++++++++++-- 2 files changed, 153 insertions(+), 7 deletions(-) create mode 100644 src/content/changelog/waf/2025-09-01-waf-release.mdx diff --git a/src/content/changelog/waf/2025-09-01-waf-release.mdx b/src/content/changelog/waf/2025-09-01-waf-release.mdx new file mode 100644 index 00000000000000..cd8529c2413689 --- /dev/null +++ b/src/content/changelog/waf/2025-09-01-waf-release.mdx @@ -0,0 +1,58 @@ +--- +title: "WAF Release - 2025-09-01" +description: Cloudflare WAF managed rulesets 2025-09-01 release +date: 2025-09-01 +--- + +import { RuleID } from "~/components"; + +This week's update + +This week, critical vulnerability was disclosed in Fortinet FortiWeb(versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below), linked to improper parameter handling that could allow unauthorized access. + + +**Key Findings** + +* Fortinet FortiWeb (CVE-2025-52970): A vulnerability may allow an unauthenticated remote attacker with access to non-public information to log in as any existing user on the device via a specially crafted request. + +**Impact** +Exploitation could allow an unauthenticated attacker to impersonate any existing user on the device, potentially enabling them to modify system settings or exfiltrate sensitive information, posing a serious security risk. Upgrading to the latest vendor-released version is strongly recommended. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset + + 100586Fortinet FortiWeb - Auth Bypass - CVE:CVE-2025-52970LogDisabledThis is a New Detection
Cloudflare Managed Ruleset + + 100136CXSS - JavaScript - Headers and BodyN/AN/ARule metadata description refined. Detection unchanged.
\ No newline at end of file diff --git a/src/content/changelog/waf/scheduled-waf-release.mdx b/src/content/changelog/waf/scheduled-waf-release.mdx index 600efbf3e114b3..19d7f19e9931d3 100644 --- a/src/content/changelog/waf/scheduled-waf-release.mdx +++ b/src/content/changelog/waf/scheduled-waf-release.mdx @@ -1,7 +1,7 @@ --- -title: WAF Release - Scheduled changes for 2025-09-01 -description: WAF managed ruleset changes scheduled for 2025-09-01 -date: 2025-08-25 +title: WAF Release - Scheduled changes for 2025-09-08 +description: WAF managed ruleset changes scheduled for 2025-09-08 +date: 2025-09-01 scheduled: true --- @@ -21,14 +21,102 @@ import { RuleID } from "~/components"; - 2025-08-25 2025-09-01 + 2025-09-08 Log - 100586 + 100007D - + - Fortinet FortiWeb - Auth Bypass - CVE:CVE-2025-52970 + Command Injection - Common Attack Commands Args + Beta detection. This will be merged into the original rule "Command Injection - Common Attack Commands (id: 89557ce9b26e4d4dbf29e90c28345b9b)" + + + 2025-09-01 + 2025-09-08 + Log + 100617 + + + + Next.js - SSRF - CVE:CVE-2025-57822 + This is a New Detection + + + 2025-09-01 + 2025-09-08 + Log + 100659_BETA + + + + Common Payloads for Server-Side Template Injection - Beta + Beta detection. This will be merged into the original rule “Common Payloads for Server-Side Template Injection (id: 21c7a963e1b749e7b1753238a28a42c4)" + + + 2025-09-01 + 2025-09-08 + Log + 100824B + + + + CrushFTP - Remote Code Execution - CVE:CVE-2025-54309 - 3 + This is a New Detection + + + 2025-09-01 + 2025-09-08 + Log + 100848 + + + + ScriptCase - Auth Bypass - CVE:CVE-2025-47227 + This is a New Detection + + + 2025-09-01 + 2025-09-08 + Log + 100849 + + + + ScriptCase - Command Injection - CVE:CVE-2025-47228 + This is a New Detection + + + 2025-09-01 + 2025-09-08 + Log + 100872 + + + + WordPress:Plugin:InfiniteWP Client - Missing Authorization - CVE:CVE-2020-8772 + This is a New Detection + + + 2025-09-01 + 2025-09-08 + Log + 100873 + + + + Sar2HTML - Command Injection - CVE:CVE-2025-34030 + This is a New Detection + + + 2025-09-01 + 2025-09-08 + Log + 100875 + + + + Zhiyuan OA - Remote Code Execution - CVE:CVE-2025-34040 This is a New Detection From 02571ed920bca45a156010d4c2c85fd67db6e9ab Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Mon, 1 Sep 2025 16:24:09 +0100 Subject: [PATCH 2/2] Apply suggestions from PCX review --- src/content/changelog/waf/2025-09-01-waf-release.mdx | 7 ++++--- src/content/changelog/waf/scheduled-waf-release.mdx | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/content/changelog/waf/2025-09-01-waf-release.mdx b/src/content/changelog/waf/2025-09-01-waf-release.mdx index cd8529c2413689..5470b675623f1e 100644 --- a/src/content/changelog/waf/2025-09-01-waf-release.mdx +++ b/src/content/changelog/waf/2025-09-01-waf-release.mdx @@ -6,9 +6,9 @@ date: 2025-09-01 import { RuleID } from "~/components"; -This week's update +**This week's update** -This week, critical vulnerability was disclosed in Fortinet FortiWeb(versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below), linked to improper parameter handling that could allow unauthorized access. +This week, a critical vulnerability was disclosed in Fortinet FortiWeb (versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and versions 7.0.10 and below), linked to improper parameter handling that could allow unauthorized access. **Key Findings** @@ -16,7 +16,8 @@ This week, critical vulnerability was disclosed in Fortinet FortiWeb(versions 7 * Fortinet FortiWeb (CVE-2025-52970): A vulnerability may allow an unauthenticated remote attacker with access to non-public information to log in as any existing user on the device via a specially crafted request. **Impact** -Exploitation could allow an unauthenticated attacker to impersonate any existing user on the device, potentially enabling them to modify system settings or exfiltrate sensitive information, posing a serious security risk. Upgrading to the latest vendor-released version is strongly recommended. + +Exploitation could allow an unauthenticated attacker to impersonate any existing user on the device, potentially enabling them to modify system settings or exfiltrate sensitive information, posing a serious security risk. Upgrading to the latest vendor-released version is strongly recommended. diff --git a/src/content/changelog/waf/scheduled-waf-release.mdx b/src/content/changelog/waf/scheduled-waf-release.mdx index 19d7f19e9931d3..bc08cae4c6af2b 100644 --- a/src/content/changelog/waf/scheduled-waf-release.mdx +++ b/src/content/changelog/waf/scheduled-waf-release.mdx @@ -29,7 +29,7 @@ import { RuleID } from "~/components"; - + @@ -51,7 +51,7 @@ import { RuleID } from "~/components"; - +
Command Injection - Common Attack Commands ArgsBeta detection. This will be merged into the original rule "Command Injection - Common Attack Commands (id: 89557ce9b26e4d4dbf29e90c28345b9b)"Beta detection. This will be merged into the original rule "Command Injection - Common Attack Commands" (ID: )
2025-09-01Common Payloads for Server-Side Template Injection - BetaBeta detection. This will be merged into the original rule “Common Payloads for Server-Side Template Injection (id: 21c7a963e1b749e7b1753238a28a42c4)"Beta detection. This will be merged into the original rule "Common Payloads for Server-Side Template Injection" (ID: )
2025-09-01