All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

WAF - WAF Release - 2025-06-09

1y ago

Source

CloudflareWAF - WAF Release - 2025-06-09cloudflare.com
Snippet from the RSS feed
This week’s update spotlights four critical vulnerabilities across CMS platforms, VoIP systems, and enterprise applications. Several flaws enable remote code execution or privilege escalation, posing significant enterprise risks. Key Findings WordPress OttoKit Plugin (CVE-2025-27007): Privilege escalation flaw allows unauthenticated attackers to create or elevate user accounts, compromising WordPress administrative control. SAP NetWeaver (CVE-2025-42999): Remote Code Execution vulnerability enables attackers to execute arbitrary code on SAP NetWeaver systems, threatening core ERP and business operations. Fortinet FortiVoice (CVE-2025-32756): Buffer error vulnerability may lead to memory corruption and potential code execution, directly impacting enterprise VoIP infrastructure. Camaleon CMS (CVE-2024-46986): Remote Code Execution vulnerability allows attackers to gain full control over Camaleon CMS installations, exposing hosted content and underlying servers. Impact These vulnerabilities target widely deployed CMS, ERP, and VoIP systems. RCE flaws in SAP NetWeaver and Camaleon CMS allow full takeover of business-critical applications. Privilege escalation in OttoKit exposes WordPress environments to full administrative compromise. FortiVoice buffer handling issues risk destabilizing or fully compromising enterprise telephony systems. Ruleset Rule ID Legacy Rule ID Description Previous Action New Action Comments Cloudflare Managed Ruleset 4afd50a3ef1948bba87c4e620debd86e 100769 WordPress OttoKit Plugin - Privilege Escalation - CVE:CVE-2025-27007 Log Block This is a New Detection Cloudflare Managed Ruleset 24134c41c3e940daa973b4b95f57b448 100770 SAP NetWeaver - Remote Code Execution - CVE:CVE-2025-42999 Log Block This is a New Detection Cloudflare Managed Ruleset 4f219ac0be3545a5be5f0bf34df8857a 100779 Fortinet FortiVoice - Buffer Error - CVE:CVE-2025-32756 Log Block This is a New Detection Cloudflare Managed Ruleset bc8dfbe8cbac4c039725ec743b840107 100780 Camaleon CMS - Remote Code Execution - CVE:CVE-2024-46986 Log Block This is a New Detection

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.