WAF - WAF Release - 2026-02-16
4mo ago
Source
CloudflareWAF - WAF Release - 2026-02-16cloudflare.comThis week’s release introduces new detections for CVE-2025-68645 and CVE-2025-31125. Key Findings CVE-2025-68645: A Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 allows unauthenticated remote attackers to craft requests to the /h/rest endpoint, improperly influence internal dispatching, and include arbitrary files from the WebRoot directory. CVE-2025-31125: Vite, the JavaScript frontend tooling framework, exposes content of non-allowed files via ?inline&import when its development server is network-exposed, enabling unauthorized attackers to read arbitrary files and potentially leak sensitive information. Ruleset Rule ID Legacy Rule ID Description Previous Action New Action Comments Cloudflare Managed Ruleset 695d76ff756844d384cab548833761f7 N/A Zimbra - Local File Inclusion - CVE:CVE-2025-68645 Log Block This is a new detection. Cloudflare Managed Ruleset 38fff9f3deba46a2abc10a8f950ed8c8 N/A Vite - WASM Import Path Traversal - CVE:CVE-2025-31125 Log Block This is a new detection.
You might also wanna read
Cloudflare expands AI bot management tools with granular traffic controls for all customers
Cloudflare is celebrating the second "Content Independence Day" by expanding AI traffic management options for all website owners. Building
Workers - Simpler runtime types with @cloudflare/workers-types v5
Cloudflare·1d ago
AI Search - Manage AI Search sync jobs with Wrangler CLI
Cloudflare·2d ago
Workers - Work across multiple accounts with Wrangler auth profiles
Cloudflare·2d ago
Cache - Cache multiple versions of a URL with Vary
Cloudflare·2d ago
Cloudflare One - Hostname routing for Cloudflare Mesh
Cloudflare·2d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.