
WAF - WAF Release - 2025-09-01

10mo ago

Source

Cloudflare: WAF - WAF Release - 2025-09-01 (cloudflare.com)
Snippet from the RSS feed
This week's update

This week, a critical vulnerability was disclosed in Fortinet FortiWeb (versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and versions 7.0.10 and below), linked to improper parameter handling that could allow unauthorized access.

Key Findings

Fortinet FortiWeb (CVE-2025-52970): A vulnerability may allow an unauthenticated remote attacker with access to non-public information to log in as any existing user on the device via a specially crafted request.

Impact

Exploitation could allow an unauthenticated attacker to impersonate any existing user on the device, potentially enabling them to modify system settings or exfiltrate sensitive information, posing a serious security risk. Upgrading to the latest vendor-released version is strongly recommended.

| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Cloudflare Managed Ruleset | 636b145a49a84946b990d4fac49b7cf8 | 100586 | Fortinet FortiWeb - Auth Bypass - CVE:CVE-2025-52970 | Log | Disabled | This is a New Detection |
| Cloudflare Managed Ruleset | b5ef1ace353841a0856b5e07790c9dde | 100136C | XSS - JavaScript - Headers and Body | N/A | N/A | Rule metadata description refined. Detection unchanged. |
