
WAF - WAF Release - 2025-09-04 - Emergency

10mo ago

Source

Cloudflare: WAF - WAF Release - 2025-09-04 - Emergency (cloudflare.com)
Snippet from the RSS feed
This week's update

This week, new critical vulnerabilities were disclosed in Sitecore’s Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP), specifically versions 9.0 through 9.3 and 10.0 through 10.4. These flaws are caused by unsafe data deserialization and code reflection, leaving affected systems at high risk of exploitation.

Key Findings

CVE-2025-53690: Remote Code Execution through Insecure Deserialization
CVE-2025-53691: Remote Code Execution through Insecure Deserialization
CVE-2025-53693: HTML Cache Poisoning through Unsafe Reflections

Impact

Exploitation could allow attackers to execute arbitrary code remotely on the affected system and conduct cache poisoning attacks, potentially leading to further compromise. Applying the latest vendor-released solution without delay is strongly recommended.

| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Cloudflare Managed Ruleset | 588edc74df1f4609b3c2f7ef0ee2c15e | 100878 | Sitecore - Remote Code Execution - CVE:CVE-2025-53691 | N/A | Block | This is a new detection |
| Cloudflare Managed Ruleset | d1bd7563e6254db48ce703807c5b669c | 100631 | Sitecore - Cache Poisoning - CVE:CVE-2025-53693 | N/A | Block | This is a new detection |
| Cloudflare Managed Ruleset | ed94c7ce5301411a94a21a096c410240 | 100879 | Sitecore - Remote Code Execution - CVE:CVE-2025-53690 | N/A | Block | This is a new detection |
