{"id":238,"date":"2026-02-16T00:00:00","date_gmt":"2026-02-16T00:00:00","guid":{"rendered":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/02\/16\/waf-waf-release-2026-02-16\/"},"modified":"2026-02-16T00:00:00","modified_gmt":"2026-02-16T00:00:00","slug":"waf-waf-release-2026-02-16","status":"publish","type":"post","link":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/02\/16\/waf-waf-release-2026-02-16\/","title":{"rendered":"WAF &#8211; WAF Release &#8211; 2026-02-16"},"content":{"rendered":"<p>This week\u2019s release introduces new detections for CVE-2025-68645 and CVE-2025-31125.<\/p>\n<p><strong>Key Findings<\/strong><\/p>\n<ul>\n<li>CVE-2025-68645: A Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 allows unauthenticated remote attackers to craft requests to the <code>\/h\/rest<\/code> endpoint, improperly influence internal dispatching, and include arbitrary files from the WebRoot directory.<\/li>\n<li>CVE-2025-31125: Vite, the JavaScript frontend tooling framework, exposes content of non-allowed files via <code>?inline&amp;import<\/code> when its development server is network-exposed, enabling unauthorized attackers to read arbitrary files and potentially leak sensitive information.<\/li>\n<\/ul>\n<table>\n<thead>\n<tr>\n<th>Ruleset<\/th>\n<th>Rule ID<\/th>\n<th>Legacy Rule ID<\/th>\n<th>Description<\/th>\n<th>Previous Action<\/th>\n<th>New Action<\/th>\n<th>Comments<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Cloudflare Managed Ruleset<\/td>\n<td>695d76ff756844d384cab548833761f7  <\/td>\n<td>N\/A<\/td>\n<td>Zimbra &#8211; Local File Inclusion &#8211; CVE:CVE-2025-68645<\/td>\n<td>Log<\/td>\n<td>Block<\/td>\n<td>This is a new detection.<\/td>\n<\/tr>\n<tr>\n<td>Cloudflare Managed Ruleset<\/td>\n<td>38fff9f3deba46a2abc10a8f950ed8c8  <\/td>\n<td>N\/A<\/td>\n<td>Vite &#8211; WASM Import Path Traversal &#8211; CVE:CVE-2025-31125<\/td>\n<td>Log<\/td>\n<td>Block<\/td>\n<td>This is a new detection.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>","protected":false},"excerpt":{"rendered":"<p>This week\u2019s release introduces new detections for CVE-2025-68645 and CVE-2025-31125. Key Findings CVE-2025-68645: A Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 allows unauthenticated remote attackers to craft requests to the \/h\/rest endpoint, improperly influence internal dispatching, and include arbitrary files from the WebRoot directory. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-238","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/238","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/comments?post=238"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/238\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/media?parent=238"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/categories?post=238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/tags?post=238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}