From 6f7ca95d121f946f97219da062cc8e0600372787 Mon Sep 17 00:00:00 2001
From: vaibhav <vaibhav@cloudflare.com>
Date: Wed, 24 Sep 2025 11:56:45 -0700
Subject: [PATCH 1/3] Release-Sep-24-2025 Emergency

---
 .../waf/2025-09-24-emergency-waf-release.mdx  | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx

diff --git a/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx b/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx
new file mode 100644
index 000000000000000..3b3e684866a810a
--- /dev/null
+++ b/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx
@@ -0,0 +1,44 @@
+---
+title: "WAF Release - 2025-09-24 - Emergency"
+description: Cloudflare WAF managed rulesets 2025-09-22 emergency release
+date: 2025-09-24
+---
+
+import { RuleID } from "~/components";
+
+This week highlights a critical vendor-specific vulnerability: a deserialization flaw in the License Servlet of Fortra’s GoAnywhere MFT. By forging a license response signature, an attacker can trigger deserialization of arbitrary objects, potentially leading to command injection.
+
+**Key Findings**
+
+* GoAnywhere MFT (CVE-2025-10035): Deserialization vulnerability in the License Servlet that allows attackers with a forged license response signature to deserialize arbitrary objects, potentially resulting in command injection.
+
+**Impact**
+
+GoAnywhere MFT (CVE-2025-10035): Exploitation enables attackers to escalate privileges or achieve remote code execution via command injection.
+
+<table style="width: 100%">
+  <thead>
+    <tr>
+      <th>Ruleset</th>
+      <th>Rule ID</th>
+      <th>Legacy Rule ID</th>
+      <th>Description</th>
+      <th>Previous Action</th>
+      <th>New Action</th>
+      <th>Comments</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="" />
+      </td>
+      <td>100787</td>
+      <td>Fortra GoAnywhere - Auth Bypass - CVE:CVE-2025-10035</td>
+      <td>N/A</td>
+      <td>Block</td>
+      <td>This is a New Detection</td>
+    </tr>
+  </tbody>
+</table>
\ No newline at end of file

From 8a8c233371149da2844224ddc587bbe9cfb43e70 Mon Sep 17 00:00:00 2001
From: vaibhav <vaibhav@cloudflare.com>
Date: Wed, 24 Sep 2025 11:58:02 -0700
Subject: [PATCH 2/3] Release-Sep-24-2025 Emergency

---
 src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx b/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx
index 3b3e684866a810a..5a6ab03190fe317 100644
--- a/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx
+++ b/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx
@@ -32,7 +32,7 @@ GoAnywhere MFT (CVE-2025-10035): Exploitation enables attackers to escalate priv
     <tr>
       <td>Cloudflare Managed Ruleset</td>
       <td>
-        <RuleID id="" />
+        <RuleID id="8fe242c7c0d64d689f4fc9a1e08b39f3" />
       </td>
       <td>100787</td>
       <td>Fortra GoAnywhere - Auth Bypass - CVE:CVE-2025-10035</td>

From 73e8f6a74985a14b3423a26f278766e555f6e950 Mon Sep 17 00:00:00 2001
From: vaibhav <vaibhav@cloudflare.com>
Date: Wed, 24 Sep 2025 11:58:40 -0700
Subject: [PATCH 3/3] Release-Sep-24-2025 Emergency

---
 src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx b/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx
index 5a6ab03190fe317..2a09bf015de4913 100644
--- a/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx
+++ b/src/content/changelog/waf/2025-09-24-emergency-waf-release.mdx
@@ -1,6 +1,6 @@
 ---
 title: "WAF Release - 2025-09-24 - Emergency"
-description: Cloudflare WAF managed rulesets 2025-09-22 emergency release
+description: Cloudflare WAF managed rulesets 2025-09-24 emergency release
 date: 2025-09-24
 ---