WAF - WAF Release - 2025-09-04 - Emergency
This week's update

This week, new critical vulnerabilities were disclosed in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP), specifically versions 9.0 through 9.3 and 10.0 through 10.4. These flaws are caused by unsafe data deserialization and code reflection, leaving affected systems at high risk of exploitation.

Key Findings

- CVE-2025-53690: Remote Code Execution through Insecure Deserialization
- CVE-2025-53691: Remote Code Execution through Insecure Deserialization
- CVE-2025-53693: HTML Cache Poisoning through Unsafe Reflections

Impact

Exploitation could allow attackers to execute arbitrary code remotely on the affected system and conduct cache poisoning attacks, potentially leading to further compromise. Applying the latest vendor-released solution without delay is strongly recommended.

| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Cloudflare Managed Ruleset | 588edc74df1f4609b3c2f7ef0ee2c15e | 100878 | Sitecore - Remote Code Execution - CVE:CVE-2025-53691 | N/A | Block | This is a new detection |
| Cloudflare Managed Ruleset | d1bd7563e6254db48ce703807c5b669c | 100631 | Sitecore - Cache Poisoning - CVE:CVE-2025-53693 | N/A | Block | This is a new detection |
| Cloudflare Managed Ruleset | ed94c7ce5301411a94a21a096c410240 | 100879 | Sitecore - Remote Code Execution - CVE:CVE-2025-53690 | N/A | Block | This is a new detection |