WAF - WAF Release - 2025-06-02
1y ago
Source
CloudflareWAF - WAF Release - 2025-06-02cloudflare.comThis week’s roundup highlights five high-risk vulnerabilities affecting SD-WAN, load balancers, and AI platforms. Several flaws enable unauthenticated remote code execution or authentication bypass. Key Findings Versa Concerto SD-WAN (CVE-2025-34026, CVE-2025-34027): Authentication bypass vulnerabilities allow attackers to gain unauthorized access to SD-WAN management interfaces, compromising network segmentation and control. Kemp LoadMaster (CVE-2024-7591): Remote Code Execution vulnerability enables attackers to execute arbitrary commands, potentially leading to full device compromise within enterprise load balancing environments. AnythingLLM (CVE-2024-0759): Server-Side Request Forgery (SSRF) flaw allows external attackers to force the LLM backend to make unauthorized internal network requests, potentially exposing sensitive internal resources. Anyscale Ray (CVE-2023-48022): Remote Code Execution vulnerability affecting distributed AI workloads, allowing attackers to execute arbitrary code on Ray cluster nodes. Server-Side Request Forgery (SSRF) - Generic & Obfuscated Payloads: Ongoing advancements in SSRF payload techniques observed, including obfuscation and expanded targeting of cloud metadata services and internal IP ranges. Impact These vulnerabilities expose critical infrastructure across networking, AI platforms, and SaaS integrations. Unauthenticated RCE and auth bypass flaws in Versa Concerto, Kemp LoadMaster, and Anyscale Ray allow full system compromise. AnythingLLM and SSRF payload variants expand attack surfaces into internal cloud resources, sensitive APIs, and metadata services, increasing risk of privilege escalation, data theft, and persistent access. Ruleset Rule ID Legacy Rule ID Description Previous Action New Action Comments Cloudflare Managed Ruleset 752cfb5e6f9c46f0953c742139b52f02 100764 Versa Concerto SD-WAN - Auth Bypass - CVE:CVE-2025-34027 Log Block This is a New Detection Cloudflare Managed Ruleset a01171de18034901b48a5549a34edb97 100765 Versa Concerto SD-WAN - Auth Bypass - CVE:CVE-2025-34026 Log Block This is a New Detection Cloudflare Managed Ruleset 840b35492a7543c18ffe50fc0d99b2db 100766 Kemp LoadMaster - Remote Code Execution - CVE:CVE-2024-7591 Log Block This is a New Detection Cloudflare Managed Ruleset 121b7070de3a459dbe80d7ed95aa3a4f 100767 AnythingLLM - SSRF - CVE:CVE-2024-0759 Log Block This is a New Detection Cloudflare Managed Ruleset 215417f989e2485a9c50eca0840a0966 100768 Anyscale Ray - Remote Code Execution - CVE:CVE-2023-48022 Log Block This is a New Detection Cloudflare Managed Ruleset 3ed619a17d4141bda3a8c3869d16ee18 100781 SSRF - Generic Payloads N/A Disabled This is a New Detection Cloudflare Managed Ruleset 7ce73f6a70be49f8944737465c963d9d 100782 SSRF - Obfuscated Payloads N/A Disabled This is a New Detection
You might also wanna read
Cloudflare expands AI bot management tools with granular traffic controls for all customers
Cloudflare is celebrating the second "Content Independence Day" by expanding AI traffic management options for all website owners. Building
Workers - Simpler runtime types with @cloudflare/workers-types v5
Cloudflare·1d ago
AI Search - Manage AI Search sync jobs with Wrangler CLI
Cloudflare·2d ago
Workers - Work across multiple accounts with Wrangler auth profiles
Cloudflare·2d ago
Cache - Cache multiple versions of a URL with Vary
Cloudflare·2d ago
Cloudflare One - Hostname routing for Cloudflare Mesh
Cloudflare·2d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.