All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

WAF - WAF Release - 2025-07-07

1y ago

Source

CloudflareWAF - WAF Release - 2025-07-07cloudflare.com
Snippet from the RSS feed
This week’s roundup uncovers critical vulnerabilities affecting enterprise VoIP systems, webmail platforms, and a popular JavaScript framework. The risks range from authentication bypass to remote code execution (RCE) and buffer handling flaws, each offering attackers a path to elevate access or fully compromise systems. Key Findings Next.js - Auth Bypass: A newly detected authentication bypass flaw in the Next.js framework allows attackers to access protected routes or APIs without proper authorization, undermining application access controls. Fortinet FortiVoice (CVE-2025-32756): A buffer error vulnerability in FortiVoice systems that could lead to memory corruption and potential code execution or service disruption in enterprise telephony environments. Roundcube (CVE-2025-49113): A critical RCE flaw allowing unauthenticated attackers to execute arbitrary PHP code via crafted requests, leading to full compromise of mail servers and user inboxes. Impact These vulnerabilities affect core business infrastructure, from web interfaces to voice communications and email platforms. The Roundcube RCE and FortiVoice buffer flaw offer potential for deep system access, while the Next.js auth bypass undermines trust boundaries in modern web apps. Ruleset Rule ID Legacy Rule ID Description Previous Action New Action Comments Cloudflare Managed Ruleset b6558cac8c874bd6878734057eb35ee6 100795 Next.js - Auth Bypass Log Disabled This is a New Detection Cloudflare Managed Ruleset 58fcf6d9c05d4b7a8f41e0a3c329aeb0 100796 Fortinet FortiVoice - Buffer Error - CVE:CVE-2025-32756 Log Disabled This is a New Detection Cloudflare Managed Ruleset 34ed0624bc864ea88bbea55bab314023 100797 Roundcube - Remote Code Execution - CVE:CVE-2025-49113 Log Disabled This is a New Detection

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.