[Changelog] Emergency WAF (cloudflare#23870)

kodster28 · sdnts · commit 44959f8add70 · 2025-07-24T16:06:14.000-04:00
diff --git a/src/content/changelog/waf/2025-07-21-emergency.mdx b/src/content/changelog/waf/2025-07-21-emergency.mdx
@@ -0,0 +1,56 @@
+---
+title: "2025-07-21 - Emergency"
+description: This week's update highlights several high-impact vulnerabilities affecting Microsoft SharePoint Server.
+date: 2025-07-21
+---
+
+import { RuleID } from "~/components";
+
+This week's update highlights several high-impact vulnerabilities affecting Microsoft SharePoint Server. These flaws, involving unsafe deserialization, allow unauthenticated remote code execution over the network, posing a critical threat to enterprise environments relying on SharePoint for collaboration and document management.
+
+**Key Findings**
+
+- Microsoft SharePoint Server (CVE-2025-53770): A critical vulnerability involving unsafe deserialization of untrusted data, enabling unauthenticated remote code execution over the network. This flaw allows attackers to execute arbitrary code on vulnerable SharePoint servers without user interaction.
+- Microsoft SharePoint Server (CVE-2025-53771): A closely related deserialization issue that can be exploited by unauthenticated attackers, potentially leading to full system compromise. The vulnerability highlights continued risks around insecure serialization logic in enterprise collaboration platforms.
+
+**Impact**
+
+Together, these vulnerabilities significantly weaken the security posture of on-premise Microsoft SharePoint Server deployments. By enabling remote code execution without authentication, they open the door for attackers to gain persistent access, deploy malware, and move laterally across enterprise environments.
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+       <tbody>
+ 		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+					<RuleID id="34dac2b38b904163bc587cc32168f6f0" />
+			</td>
+			<td>100817</td>
+			<td>Microsoft SharePoint - Deserialization - CVE:CVE-2025-53770</td>
+			<td>N/A</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+ 		</tr>
+ 		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+ 			<td>
+ 					<RuleID id="d21f327516a145bc9d1b05678de656c4" />
+ 			</td>
+ 			<td>100818</td>
+ 			<td>Microsoft SharePoint - Deserialization - CVE:CVE-2025-53771</td>
+ 			<td>N/A</td>
+ 			<td>Block</td>
+ 			<td>This is a New Detection</td>
+		</tr>
+  </tbody>
+</table>
