WAF - WAF Release - 2025-09-22
This week emphasizes two critical vendor-specific vulnerabilities: a full elevation-of-privilege in Microsoft Azure Networking (CVE-2025-54914) and a server-side template injection (SSTI) leading to remote code execution (RCE) in Skyvern (CVE-2025-49619). These are complemented by enhancements in generic detections (SQLi, SSRF) to improve baseline coverage.

Key Findings

- Azure (CVE-2025-54914): Vulnerability in Azure Networking allowing elevation of privileges.
- Skyvern (CVE-2025-49619): Skyvern ≤ 0.1.85 has a server-side template injection (SSTI) vulnerability in its Prompt field (workflow blocks) via Jinja2. Authenticated users with low privileges can get remote code execution (blind).
- Generic SQLi / SSRF improvements: Expanded rule coverage to detect obfuscated SQL injection patterns and SSRF across host, local, and cloud contexts.

Impact

These vulnerabilities allow attackers to escalate privileges or execute code under conditions where previously they could not:

- Azure CVE-2025-54914 enables an attacker from the network with no credentials to gain high-level access within Azure Networking; this could lead to full compromise of networking components.
- Skyvern CVE-2025-49619 allows authenticated users with minimal privilege to exploit SSTI for remote code execution, undermining isolation of workflow components.
- The improvements for SQLi and SSRF reduce risk from common injection and request-based attacks.
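To make the Skyvern finding concrete from the application side, the following added example (not Skyvern's or Cloudflare's code, and assuming only that the jinja2 package is installed) contrasts the SSTI-prone pattern of rendering a user-supplied Prompt value as the template source with the hardened pattern of passing it to a fixed template as data, plus a coarse delimiter check of the kind a WAF or input filter can log on.

```python
"""Jinja2 SSTI: user text as template source vs. user text as template data.
Added illustration for CVE-2025-49619's vulnerability class; not project code.
Requires: pip install jinja2
"""
import re
from jinja2 import Template
from jinja2.sandbox import SandboxedEnvironment


# Vulnerable pattern: the user-controlled Prompt value becomes the template
# source, so any {{ }} / {% %} syntax inside it is parsed and evaluated.
def render_prompt_unsafe(user_prompt: str) -> str:
    return Template(user_prompt).render()


# Hardened pattern: the template text is fixed and developer-owned; the user
# value arrives as a variable and is never parsed for template syntax.
# The sandbox only narrows what an evaluated expression may reach; on its own
# it does not stop the engine from parsing user text, so data-not-template
# is the structural fix and the sandbox is defence in depth.
_ENV = SandboxedEnvironment(autoescape=False)
_PROMPT_TEMPLATE = _ENV.from_string("Prompt: {{ prompt }}")


def render_prompt_safe(user_prompt: str) -> str:
    return _PROMPT_TEMPLATE.render(prompt=user_prompt)


# Detection aid: flag values carrying Jinja2 delimiters so they can be logged
# or rejected before reaching any rendering path (coarse; triage signal only).
_TEMPLATE_SYNTAX = re.compile(r"\{\{.*?\}\}|\{%.*?%\}|\{#.*?#\}", re.S)


def contains_template_syntax(value: str) -> bool:
    return _TEMPLATE_SYNTAX.search(value) is not None


if __name__ == "__main__":
    probe = "{{ 7 * 7 }}"  # constructed, benign marker: shows evaluation only
    print(render_prompt_unsafe(probe))       # 49 -> engine evaluated user input
    print(render_prompt_safe(probe))         # Prompt: {{ 7 * 7 }} -> kept as data
    print(contains_template_syntax(probe))   # True
    print(contains_template_syntax("Fill in the login form"))  # False
```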
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | c36a425ae0c94789a9bc34f06a135cbf | 100146 | SSRF - Host - 2 | Log | Disabled | This is a New Detection |
| Cloudflare Managed Ruleset | dfa84b0aed5a4b45b953a36a57035abf | 100146B | SSRF - Local - 2 | Log | Disabled | This is a New Detection |
| Cloudflare Managed Ruleset | 276073e60c7a4b4d91faba1fbbe18d50 | 100146C | SSRF - Cloud - 2 | Log | Disabled | This is a New Detection |
| Cloudflare Managed Ruleset | 78c856218f2d40f4b5988c8c956c1961 | 100714 | Azure - Auth Bypass - CVE:CVE-2025-54914 | Log | Block | This is a New Detection |
| Cloudflare Managed Ruleset | 9f1c8d4cbf3848dbb940771bc5ced231 | 100758 | Skyvern - Remote Code Execution - CVE:CVE-2025-49619 | Log | Block | This is a New Detection |
| Cloudflare Managed Ruleset | 6be7e7829f3b43c688e1ac4284a619a1 | 100773 | Next.js - SSRF | Log | Block | This is a New Detection |
| Cloudflare Managed Ruleset | 0cc3f50216bf4b448210bcc3983ff2dd | 100774 | Adobe Commerce - Remote Code Execution - CVE:CVE-2025-54236 | Log | Block | This is a New Detection |
| Cloudflare Managed Ruleset | 53bfaeb311a049e3877fa15c0380a1a6 | 100800_BETA | SQLi - Obfuscated Boolean - Beta | Log | Block | This rule has been merged into the original rule (ID: 7663ea44178441a0b3205c145563445f) |