cloudflare · ay-cf · Oct 23, 2025 · Oct 23, 2025 · Oct 23, 2025
@@ -0,0 +1,44 @@
+---
+title: "WAF Release - 2025-10-23 - Emergency"
+description: Cloudflare WAF managed rulesets 2025-10-23 emergency release
+date: 2025-10-23
+---
+
+import { RuleID } from "~/components";
+
+This week highlights enhancements to detection signatures improving coverage for vulnerabilities in Adobe Commerce and Magento Open Source, linked to CVE-2025-54236.
+
+**Key Findings**
+
+This vulnerability allows unauthenticated attackers to take over customer accounts through the Commerce REST API and, in certain configurations, may lead to remote code execution. The latest update enhances detection logic to provide more resilient protection against exploitation attempts.
+
+**Impact**
+
+Adobe Commerce (CVE-2025-54236): Exploitation may allow attackers to hijack sessions, execute arbitrary commands, steal data, and disrupt storefronts, resulting in confidentiality and integrity risks for merchants. Administrators are strongly encouraged to apply vendor patches without delay.
+
+<table style="width: 100%">
+  <thead>
+    <tr>
+      <th>Ruleset</th>
+      <th>Rule ID</th>
+      <th>Legacy Rule ID</th>
+      <th>Description</th>
+      <th>Previous Action</th>
+      <th>New Action</th>
+      <th>Comments</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="6e04fa2b9eb34fb088034d3fc6ef59a1" />
+      </td>
+      <td>N/A</td>
+      <td>Adobe Commerce - Remote Code Execution - CVE:CVE-2025-54236</td>
+      <td>N/A</td>
+      <td>Block</td>
+      <td>This is a New Detection</td>
+    </tr>
+  </tbody>
+</table>