diff --git a/src/content/changelog/waf/2025-11-03-waf-release.mdx b/src/content/changelog/waf/2025-11-03-waf-release.mdx new file mode 100644 index 00000000000000..dd278abe8f80c8 --- /dev/null +++ b/src/content/changelog/waf/2025-11-03-waf-release.mdx @@ -0,0 +1,44 @@ +--- +title: "WAF Release - 2025-11-03" +description: Cloudflare WAF managed rulesets 2025-11-03 release +date: 2025-11-03 +--- + +import { RuleID } from "~/components"; + +This week highlights enhancements to detection signatures improving coverage for vulnerabilities in Adobe Commerce and Magento Open Source, linked to CVE-2025-54236. + +**Key Findings** + +This vulnerability allows unauthenticated attackers to take over customer accounts through the Commerce REST API and, in certain configurations, may lead to remote code execution. The latest update provides enhanced detection logic for resilient protection against exploitation attempts. + +**Impact** + +- Adobe Commerce (CVE-2025-54236): Exploitation may allow attackers to hijack sessions, execute arbitrary commands, steal data, and disrupt storefronts, resulting in confidentiality and integrity risks for merchants. Administrators are strongly encouraged to apply vendor patches without delay. + + + + + + + + + + + + + + + + + + + + + + + + +
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset + + 100774CAdobe Commerce - Remote Code Execution - CVE:CVE-2025-54236LogBlockThis is an improved detection.
diff --git a/src/content/changelog/waf/scheduled-waf-release.mdx b/src/content/changelog/waf/scheduled-waf-release.mdx index 9cc3294445dac6..18be09df89dd59 100644 --- a/src/content/changelog/waf/scheduled-waf-release.mdx +++ b/src/content/changelog/waf/scheduled-waf-release.mdx @@ -1,7 +1,7 @@ --- -title: WAF Release - Scheduled changes for 2025-11-03 -description: WAF managed ruleset changes scheduled for 2025-11-03 -date: 2025-10-27 +title: WAF Release - Scheduled changes for 2025-11-10 +description: WAF managed ruleset changes scheduled for 2025-11-10 +date: 2025-11-03 scheduled: true --- @@ -22,18 +22,7 @@ import { RuleID } from "~/components"; 2025-10-27 - 2025-11-03 - Log - 100774 - - - - Adobe Commerce - Remote Code Execution - CVE:CVE-2025-54236 - This is a new detection - - - 2025-10-27 - 2025-11-03 + 2025-11-10 Log N/A @@ -44,7 +33,7 @@ import { RuleID } from "~/components"; 2025-10-27 - 2025-11-03 + 2025-11-10 Log N/A @@ -55,7 +44,7 @@ import { RuleID } from "~/components"; 2025-10-27 - 2025-11-03 + 2025-11-10 Log N/A @@ -66,47 +55,14 @@ import { RuleID } from "~/components"; 2025-10-27 - 2025-11-03 + 2025-11-10 Log N/A - + HTTP Truncated Beta This is a beta detection and will replace the action on original detection (ID: ) - - 2025-10-27 - 2025-11-03 - Disabled - N/A - - - - Generic Rules - Command Execution - URI - Beta - We have updated the rule logic - - - 2025-10-27 - 2025-11-03 - Disabled - N/A - - - - Generic Rules - Command Execution - Header - Beta - We have updated the rule logic - - - 2025-10-27 - 2025-11-03 - Disabled - N/A - - - - Generic Rules - Command Execution - Body - Beta - We have updated the rule logic - \ No newline at end of file