cloudflare · pedrosousa · Sep 1, 2025 · Sep 1, 2025 · Sep 1, 2025
@@ -0,0 +1,59 @@
+---
+title: "WAF Release - 2025-09-01"
+description: Cloudflare WAF managed rulesets 2025-09-01 release
+date: 2025-09-01
+---
+
+import { RuleID } from "~/components";
+
+**This week's update**
+
+This week, a critical vulnerability was disclosed in Fortinet FortiWeb (versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and versions 7.0.10 and below), linked to improper parameter handling that could allow unauthorized access.
+
+
+**Key Findings**
+
+* Fortinet FortiWeb (CVE-2025-52970): A vulnerability may allow an unauthenticated remote attacker with access to non-public information to log in as any existing user on the device via a specially crafted request.
+
+**Impact**
+
+Exploitation could allow an unauthenticated attacker to impersonate any existing user on the device, potentially enabling them to modify system settings or exfiltrate sensitive information, posing a serious security risk. Upgrading to the latest vendor-released version is strongly recommended. 
+
+
+<table style="width: 100%">
+  <thead>
+    <tr>
+      <th>Ruleset</th>
+      <th>Rule ID</th>
+      <th>Legacy Rule ID</th>
+      <th>Description</th>
+      <th>Previous Action</th>
+      <th>New Action</th>
+      <th>Comments</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="636b145a49a84946b990d4fac49b7cf8" />
+      </td>
+      <td>100586</td>
+      <td>Fortinet FortiWeb - Auth Bypass - CVE:CVE-2025-52970</td>
+      <td>Log</td>
+      <td>Disabled</td>
+      <td>This is a New Detection</td>
+    </tr>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="b5ef1ace353841a0856b5e07790c9dde" />
+      </td>
+      <td>100136C</td>
+      <td>XSS - JavaScript - Headers and Body</td>
+      <td>N/A</td>
+      <td>N/A</td>
+      <td>Rule metadata description refined. Detection unchanged.</td>
+    </tr>
+  </tbody>
+</table>
@@ -1,7 +1,7 @@
 ---
-title: WAF Release - Scheduled changes for 2025-09-01
-description: WAF managed ruleset changes scheduled for 2025-09-01
-date: 2025-08-25
+title: WAF Release - Scheduled changes for 2025-09-08
+description: WAF managed ruleset changes scheduled for 2025-09-08
+date: 2025-09-01
 scheduled: true
 ---
 
@@ -21,14 +21,102 @@ import { RuleID } from "~/components";
   </thead>
   <tbody>
     <tr>
-      <td>2025-08-25</td>
       <td>2025-09-01</td>
+      <td>2025-09-08</td>
       <td>Log</td>
-      <td>100586</td>
+      <td>100007D</td>
       <td>
-        <RuleID id="636b145a49a84946b990d4fac49b7cf8" />
+        <RuleID id="7c5812a31fd94996b3299f7e963d7afc" />
       </td>
-      <td>Fortinet FortiWeb - Auth Bypass - CVE:CVE-2025-52970</td>
+      <td>Command Injection - Common Attack Commands Args</td>
+      <td>Beta detection. This will be merged into the original rule "Command Injection - Common Attack Commands" (ID: <RuleID id="89557ce9b26e4d4dbf29e90c28345b9b" />)</td>
+    </tr>
+    <tr>
+      <td>2025-09-01</td>
+      <td>2025-09-08</td>
+      <td>Log</td>
+      <td>100617</td>
+      <td>
+        <RuleID id="cd528243d6824f7ab56182988230a75b" />
+      </td>
+      <td>Next.js - SSRF - CVE:CVE-2025-57822</td>
+      <td>This is a New Detection</td>
+    </tr>
+    <tr>
+      <td>2025-09-01</td>
+      <td>2025-09-08</td>
+      <td>Log</td>
+      <td>100659_BETA</td>
+      <td>
+        <RuleID id="503b337dac5c409d8f833a6ba22dabf1" />
+      </td>
+      <td>Common Payloads for Server-Side Template Injection - Beta</td>
+      <td>Beta detection. This will be merged into the original rule "Common Payloads for Server-Side Template Injection" (ID: <RuleID id="21c7a963e1b749e7b1753238a28a42c4" />)</td>
+    </tr>    
+    <tr>
+      <td>2025-09-01</td>
+      <td>2025-09-08</td>
+      <td>Log</td>
+      <td>100824B</td>
+      <td>
+        <RuleID id="6d24266148f24f5e9fa487f8b416b7ca" />
+      </td>
+      <td>CrushFTP - Remote Code Execution - CVE:CVE-2025-54309 - 3</td>
+      <td>This is a New Detection</td>
+    </tr>    
+    <tr>
+      <td>2025-09-01</td>
+      <td>2025-09-08</td>
+      <td>Log</td>
+      <td>100848</td>
+      <td>
+        <RuleID id="154b217c43d04f11a13aeff05db1fa6b" />
+      </td>
+      <td>ScriptCase - Auth Bypass - CVE:CVE-2025-47227</td>
+      <td>This is a New Detection</td>
+    </tr>
+    <tr>
+      <td>2025-09-01</td>
+      <td>2025-09-08</td>
+      <td>Log</td>
+      <td>100849</td>
+      <td>
+        <RuleID id="cad6f1c8c6d44ef59929e6532c62d330" />
+      </td>
+      <td>ScriptCase - Command Injection - CVE:CVE-2025-47228</td>
+      <td>This is a New Detection</td>
+    </tr>
+    <tr>
+      <td>2025-09-01</td>
+      <td>2025-09-08</td>
+      <td>Log</td>
+      <td>100872</td>
+      <td>
+        <RuleID id="e7464139fd3e44938b56716bef971afd" />
+      </td>
+      <td>WordPress:Plugin:InfiniteWP Client - Missing Authorization - CVE:CVE-2020-8772</td>
+      <td>This is a New Detection</td>
+    </tr>
+    <tr>
+      <td>2025-09-01</td>
+      <td>2025-09-08</td>
+      <td>Log</td>
+      <td>100873</td>
+      <td>
+        <RuleID id="0181ebb2cc234f2d863412e1bab19b0b" />
+      </td>
+      <td>Sar2HTML - Command Injection - CVE:CVE-2025-34030</td>
+      <td>This is a New Detection</td>
+    </tr>
+    <tr>
+      <td>2025-09-01</td>
+      <td>2025-09-08</td>
+      <td>Log</td>
+      <td>100875</td>
+      <td>
+        <RuleID id="34d5c7c7b08b40eaad5b2bb3f24c0fbe" />
+      </td>
+      <td>Zhiyuan OA - Remote Code Execution - CVE:CVE-2025-34040</td>
       <td>This is a New Detection</td>
     </tr>
   </tbody>