Release-Sep-29-2025 (cloudflare#25503)

vs-mg · web-flow · commit 5c1db82f0b8f · 2025-09-29T17:36:28.000Z
diff --git a/src/content/changelog/waf/2025-09-29-waf-release.mdx b/src/content/changelog/waf/2025-09-29-waf-release.mdx
@@ -0,0 +1,91 @@
+---
+title: "WAF Release - 2025-09-29"
+description: Cloudflare WAF managed rulesets 2025-09-29 release
+date: 2025-09-29
+---
+
+import { RuleID } from "~/components";
+
+This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an information-disclosure flaw in Flowise Cloud (CVE-2025-58434), an SSRF in the WordPress plugin Ditty (CVE-2025-8085), and a directory-traversal bug in Vite (CVE-2025-30208). These are paired with improvements to our generic detection coverage (SQLi, SSRF) to raise the baseline and reduce noisy gaps.
+
+**Key Findings**
+
+* SimpleHelp (CVE-2024-57727): Authentication bypass in SimpleHelp that can allow unauthorized access to management interfaces or sessions.
+
+* Flowise Cloud (CVE-2025-58434): Information-disclosure vulnerability in Flowise Cloud that may expose sensitive configuration or user data to unauthenticated or low-privileged actors.
+
+* WordPress:Plugin: Ditty (CVE-2025-8085): SSRF in the Ditty WordPress plugin enabling server-side requests that could reach internal services or cloud metadata endpoints.
+
+* Vite (CVE-2025-30208): Directory-traversal vulnerability in Vite allowing access to filesystem paths outside the intended web root.
+
+**Impact**
+
+These vulnerabilities allow attackers to gain access, escalate privileges, or execute actions that were previously unavailable:
+
+* SimpleHelp (CVE-2024-57727): An authentication bypass that can let unauthenticated attackers access management interfaces or hijack sessions — enabling lateral movement, credential theft, or privilege escalation within affected environments.
+
+* Flowise Cloud (CVE-2025-58434): Information-disclosure flaw that can expose sensitive configuration, tokens, or user data; leaked secrets may be chained into account takeover or privileged access to backend services.
+
+* WordPress:Plugin: Ditty (CVE-2025-8085): SSRF that enables server-side requests to internal services or cloud metadata endpoints, potentially allowing attackers to retrieve credentials or reach otherwise inaccessible infrastructure, leading to privilege escalation or cloud resource compromise.
+
+* Vite (CVE-2025-30208): Directory-traversal vulnerability that can expose filesystem contents outside the web root (configuration files, keys, source code), which attackers can use to escalate privileges or further compromise systems.
+
+<table style="width: 100%">
+  <thead>
+    <tr>
+      <th>Ruleset</th>
+      <th>Rule ID</th>
+      <th>Legacy Rule ID</th>
+      <th>Description</th>
+      <th>Previous Action</th>
+      <th>New Action</th>
+      <th>Comments</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="6fe90532af50427484a5275c8c2e30fb" />
+      </td>
+      <td>100717</td>
+      <td>SimpleHelp - Auth Bypass - CVE:CVE-2024-57727</td>
+      <td>Log</td>
+      <td>Block</td>
+      <td>This rule is merged to 100717 in legacy WAF and <RuleID id="498fcd81a62a4b5ca943e2de958094d3" /> in new WAF</td>
+    </tr>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="013ef5de3f074fd5a43cdd70d58b886b" />
+      </td>
+      <td>100775</td>
+      <td>Flowise Cloud - Information Disclosure - CVE:CVE-2025-58434</td>
+      <td>Log</td>
+      <td>Block</td>
+      <td>This is a New Detection</td>
+    </tr>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="68fc5c086ccb4b40a35a63b19bce1ff4" />
+      </td>
+      <td>100881</td>
+      <td>WordPress:Plugin:Ditty - SSRF - CVE:CVE-2025-8085</td>
+      <td>Log</td>
+      <td>Block</td>
+      <td>This is a New Detection</td>
+    </tr>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="9e1a56e6b3bc49b187bf6e35ddc329dd" />
+      </td>
+      <td>100887</td>
+      <td>Vite - Directory Traversal - CVE:CVE-2025-30208</td>
+      <td>Log</td>
+      <td>Block</td>
+      <td>This is a New Detection</td>
+    </tr>
+  </tbody>
+</table>
diff --git a/src/content/changelog/waf/scheduled-waf-release.mdx b/src/content/changelog/waf/scheduled-waf-release.mdx
@@ -1,7 +1,7 @@
 ---
-title: WAF Release - Scheduled changes for 2025-09-29
-description: WAF managed ruleset changes scheduled for 2025-09-29
-date: 2025-09-22
+title: WAF Release - Scheduled changes for 2025-10-06
+description: WAF managed ruleset changes scheduled for 2025-10-06
+date: 2025-09-29
 scheduled: true
 ---
 
@@ -21,48 +21,59 @@ import { RuleID } from "~/components";
   </thead>
   <tbody>
    <tr>
-      <td>2025-09-22</td>
       <td>2025-09-29</td>
+      <td>2025-10-06</td>
       <td>Log</td>
-      <td>100717</td>
+      <td>100882</td>
       <td>
-        <RuleID id="6fe90532af50427484a5275c8c2e30fb" />
+        <RuleID id="0c9bf31ab6fa41fc8f12daaf8650f52f" />
       </td>
-      <td>SimpleHelp - Auth Bypass - CVE:CVE-2024-57727 - Beta</td>
-      <td>This rule will be merged to <RuleID id="498fcd81a62a4b5ca943e2de958094d3" /></td>
+      <td>Chaos Mesh - Missing Authentication - CVE:CVE-2025-59358</td>
+      <td>This is a New Detection</td>
    </tr>
-    <tr>
-      <td>2025-09-22</td>
+   <tr>
       <td>2025-09-29</td>
+      <td>2025-10-06</td>
       <td>Log</td>
-      <td>100775</td>
+      <td>100883</td>
       <td>
-        <RuleID id="013ef5de3f074fd5a43cdd70d58b886b" />
+        <RuleID id="5d459ed434ed446c9580c73c2b8c3680" />
       </td>
-      <td>Flowise Cloud - Information Disclosure - CVE:CVE-2025-58434</td>
+      <td>Chaos Mesh - Command Injection - CVE:CVE-2025-59359</td>
       <td>This is a New Detection</td>
-    </tr>   
+   </tr>
    <tr>
-      <td>2025-09-22</td>
       <td>2025-09-29</td>
+      <td>2025-10-06</td>
       <td>Log</td>
-      <td>100881</td>
+      <td>100884</td>
       <td>
-        <RuleID id="68fc5c086ccb4b40a35a63b19bce1ff4" />
+        <RuleID id="a2591ba5befa4815a6861aefef859a04" />
       </td>
-      <td>WordPress:Plugin:Ditty - SSRF - CVE:CVE-2025-8085</td>
+      <td>Chaos Mesh - Command Injection - CVE:CVE-2025-59361</td>
       <td>This is a New Detection</td>
-    </tr>
-    <tr>
-      <td>2025-09-22</td>
+   </tr>
+   <tr>
       <td>2025-09-29</td>
+      <td>2025-10-06</td>
       <td>Log</td>
-      <td>100887</td>
+      <td>100886</td>
       <td>
-        <RuleID id="9e1a56e6b3bc49b187bf6e35ddc329dd" />
+        <RuleID id="05eea4fabf6f4cf3aac1094b961f26a7" />
       </td>
-      <td>Vite - Directory Traversal - CVE:CVE-2025-30208</td>
+      <td>Form-Data - Parameter Pollution - CVE:CVE-2025-7783</td>
       <td>This is a New Detection</td>
-    </tr>
+   </tr>
+   <tr>
+      <td>2025-09-29</td>
+      <td>2025-10-06</td>
+      <td>Log</td>
+      <td>100888</td>
+      <td>
+        <RuleID id="90514c7810694b188f56979826a4074c" />
+      </td>
+      <td>Chaos Mesh - Command Injection - CVE:CVE-2025-59360</td>
+      <td>This is a New Detection</td>
+   </tr>
   </tbody>
 </table>
