|
| 1 | +--- |
| 2 | +title: "2025-05-27" |
| 3 | +type: table |
| 4 | +pcx_content_type: release-notes |
| 5 | +sidebar: |
| 6 | + order: 788 |
| 7 | +tableOfContents: false |
| 8 | +--- |
| 9 | + |
| 10 | +import { RuleID } from "~/components"; |
| 11 | + |
| 12 | +This week’s roundup covers nine vulnerabilities, including six critical RCEs and one dangerous file upload. Affected platforms span cloud services, CI/CD pipelines, CMSs, and enterprise backup systems. Several are now addressed by updated WAF managed rulesets. |
| 13 | + |
| 14 | +**Key Findings** |
| 15 | + |
| 16 | +- Ingress-Nginx (CVE-2025-1098): Unauthenticated RCE via unsafe annotation handling. Impacts Kubernetes clusters. |
| 17 | +- GitHub Actions (CVE-2025-30066): RCE through malicious workflow inputs. Targets CI/CD pipelines. |
| 18 | +- Craft CMS (CVE-2025-32432): Template injection enables unauthenticated RCE. High risk to content-heavy sites. |
| 19 | +- F5 BIG-IP (CVE-2025-31644): RCE via TMUI exploit, allowing full system compromise. |
| 20 | +- AJ-Report (CVE-2024-15077): RCE through untrusted template execution. Affects reporting dashboards. |
| 21 | +- NAKIVO Backup (CVE-2024-48248): RCE via insecure script injection. High-value target for ransomware. |
| 22 | +- SAP NetWeaver (CVE-2025-31324): Dangerous file upload flaw enables remote shell deployment. |
| 23 | +- Ivanti EPMM (CVE-2025-4428, 4427): Auth bypass allows full access to mobile device management. |
| 24 | +- Vercel (CVE-2025-32421): Information leak via misconfigured APIs. Useful for attacker recon. |
| 25 | + |
| 26 | +**Impact** |
| 27 | + |
| 28 | +These newly detected vulnerabilities introduce critical risk across modern web stacks, AI infrastructure, and content platforms: unauthenticated RCEs in Commvault, BentoML, and Craft CMS enable full system compromise with minimal attacker effort. |
| 29 | + |
| 30 | +Apache HTTPD information leak can support targeted reconnaissance, increasing the success rate of follow-up exploits. Organizations using these platforms should prioritize patching and monitor for indicators of exploitation using updated WAF detection rules. |
| 31 | + |
| 32 | +<table style="width: 100%"> |
| 33 | + <thead> |
| 34 | + <tr> |
| 35 | + <th>Ruleset</th> |
| 36 | + <th>Rule ID</th> |
| 37 | + <th>Legacy Rule ID</th> |
| 38 | + <th>Description</th> |
| 39 | + <th>Previous Action</th> |
| 40 | + <th>New Action</th> |
| 41 | + <th>Comments</th> |
| 42 | + </tr> |
| 43 | + </thead> |
| 44 | + <tbody> |
| 45 | + <tr> |
| 46 | + <td>Cloudflare Managed Ruleset</td> |
| 47 | + <td> |
| 48 | + <RuleID id="6a61a14f44af4232a44e45aad127592a" /> |
| 49 | + </td> |
| 50 | + <td>100746</td> |
| 51 | + <td>Vercel - Information Disclosure</td> |
| 52 | + <td>Log</td> |
| 53 | + <td>Disabled</td> |
| 54 | + <td>This is a New Detection</td> |
| 55 | + </tr> |
| 56 | + <tr> |
| 57 | + <td>Cloudflare Managed Ruleset</td> |
| 58 | + <td> |
| 59 | + <RuleID id="bd30b3c43eb44335ab6013c195442495" /> |
| 60 | + </td> |
| 61 | + <td>100754</td> |
| 62 | + <td>AJ-Report - Remote Code Execution - CVE:CVE-2024-15077</td> |
| 63 | + <td>Log</td> |
| 64 | + <td>Block</td> |
| 65 | + <td>This is a New Detection</td> |
| 66 | + </tr> |
| 67 | + <tr> |
| 68 | + <td>Cloudflare Managed Ruleset</td> |
| 69 | + <td> |
| 70 | + <RuleID id="6a13bd6e5fc94b1d9c97eb87dfee7ae4" /> |
| 71 | + </td> |
| 72 | + <td>100756</td> |
| 73 | + <td>NAKIVO Backup - Remote Code Execution - CVE:CVE-2024-48248</td> |
| 74 | + <td>Log</td> |
| 75 | + <td>Block</td> |
| 76 | + <td>This is a New Detection</td> |
| 77 | + </tr> |
| 78 | + <tr> |
| 79 | + <td>Cloudflare Managed Ruleset</td> |
| 80 | + <td> |
| 81 | + <RuleID id="a4af6f2f15c9483fa9eab01d1c52f6d0" /> |
| 82 | + </td> |
| 83 | + <td>100757</td> |
| 84 | + <td>Ingress-Nginx - Remote Code Execution - CVE:CVE-2025-1098</td> |
| 85 | + <td>Log</td> |
| 86 | + <td>Disabled</td> |
| 87 | + <td>This is a New Detection</td> |
| 88 | + </tr> |
| 89 | + <tr> |
| 90 | + <td>Cloudflare Managed Ruleset</td> |
| 91 | + <td> |
| 92 | + <RuleID id="bd30b3c43eb44335ab6013c195442495" /> |
| 93 | + </td> |
| 94 | + <td>100759</td> |
| 95 | + <td>SAP NetWeaver - Dangerous File Upload - CVE:CVE-2025-31324</td> |
| 96 | + <td>Log</td> |
| 97 | + <td>Block</td> |
| 98 | + <td>This is a New Detection</td> |
| 99 | + </tr> |
| 100 | + <tr> |
| 101 | + <td>Cloudflare Managed Ruleset</td> |
| 102 | + <td> |
| 103 | + <RuleID id="dab2df4f548349e3926fee845366ccc1" /> |
| 104 | + </td> |
| 105 | + <td>100760</td> |
| 106 | + <td>Craft CMS - Remote Code Execution - CVE:CVE-2025-32432</td> |
| 107 | + <td>Log</td> |
| 108 | + <td>Block</td> |
| 109 | + <td>This is a New Detection</td> |
| 110 | + </tr> |
| 111 | + <tr> |
| 112 | + <td>Cloudflare Managed Ruleset</td> |
| 113 | + <td> |
| 114 | + <RuleID id="5eb23f172ed64ee08895e161eb40686b" /> |
| 115 | + </td> |
| 116 | + <td>100761</td> |
| 117 | + <td>GitHub Action - Remote Code Execution - CVE:CVE-2025-30066</td> |
| 118 | + <td>Log</td> |
| 119 | + <td>Disabled</td> |
| 120 | + <td>This is a New Detection</td> |
| 121 | + </tr> |
| 122 | + <tr> |
| 123 | + <td>Cloudflare Managed Ruleset</td> |
| 124 | + <td> |
| 125 | + <RuleID id="827037f2d5f941789efcba6260fc041c" /> |
| 126 | + </td> |
| 127 | + <td>100762</td> |
| 128 | + <td>Ivanti EPMM - Auth Bypass - CVE:CVE-2025-4428, CVE:CVE-2025-4427</td> |
| 129 | + <td>Log</td> |
| 130 | + <td>Block</td> |
| 131 | + <td>This is a New Detection</td> |
| 132 | + </tr> |
| 133 | + <tr> |
| 134 | + <td>Cloudflare Managed Ruleset</td> |
| 135 | + <td> |
| 136 | + <RuleID id="ddee6d1c4f364768b324609cebafdfe6" /> |
| 137 | + </td> |
| 138 | + <td>100763</td> |
| 139 | + <td>F5 Big IP - Remote Code Execution - CVE:CVE-2025-31644</td> |
| 140 | + <td>Log</td> |
| 141 | + <td>Disabled</td> |
| 142 | + <td>This is a New Detection</td> |
| 143 | + </tr> |
| 144 | + </tbody> |
| 145 | +</table> |
0 commit comments