{"id":30,"date":"2025-08-07T00:00:00","date_gmt":"2025-08-07T00:00:00","guid":{"rendered":"https:\/\/wordpress.securinsight.ca\/index.php\/2025\/08\/07\/waf-waf-release-2025-08-07-emergency\/"},"modified":"2025-08-07T00:00:00","modified_gmt":"2025-08-07T00:00:00","slug":"waf-waf-release-2025-08-07-emergency","status":"publish","type":"post","link":"https:\/\/wordpress.securinsight.ca\/index.php\/2025\/08\/07\/waf-waf-release-2025-08-07-emergency\/","title":{"rendered":"WAF &#8211; WAF Release &#8211; 2025-08-07 &#8211; Emergency"},"content":{"rendered":"<p>This week\u2019s highlight focuses on two critical vulnerabilities affecting key infrastructure and enterprise content management platforms. Both flaws present significant remote code execution risks that can be exploited with minimal or no user interaction.<\/p>\n<p><strong>Key Findings<\/strong><\/p>\n<ul>\n<li>\n<p>Squid (\u22646.3) \u2014 CVE-2025-54574: A heap buffer overflow occurs when processing Uniform Resource Names (URNs). This vulnerability may allow remote attackers to execute arbitrary code on the server. The issue has been resolved in version 6.4.<\/p>\n<\/li>\n<li>\n<p>Adobe AEM (\u22646.5.23) \u2014 CVE-2025-54253: Due to a misconfiguration, attackers can achieve remote code execution without requiring any user interaction, posing a severe threat to affected deployments.<\/p>\n<\/li>\n<\/ul>\n<p><strong>Impact<\/strong><\/p>\n<p>Both vulnerabilities expose critical attack vectors that can lead to full server compromise. The Squid heap buffer overflow allows remote code execution by crafting malicious URNs, which can lead to server takeover or denial of service. Given Squid\u2019s widespread use as a caching proxy, this flaw could be exploited to disrupt network traffic or gain footholds inside secure environments.<\/p>\n<p>Adobe AEM\u2019s remote code execution vulnerability enables attackers to run arbitrary code on the content management server without any user involvement. This puts sensitive content, application integrity, and the underlying infrastructure at extreme risk. Exploitation could lead to data theft, defacement, or persistent backdoor installation.<\/p>\n<p>These findings reinforce the urgency of updating to the patched versions \u2014 Squid 6.4 and Adobe AEM 6.5.24 or later \u2014 and reviewing configurations to prevent exploitation.<\/p>\n<table>\n<thead>\n<tr>\n<th>Ruleset<\/th>\n<th>Rule ID<\/th>\n<th>Legacy Rule ID<\/th>\n<th>Description<\/th>\n<th>Previous Action<\/th>\n<th>New Action<\/th>\n<th>Comments<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Cloudflare Managed Ruleset<\/td>\n<td>f61ed7c1e7e24c3380289e41ef7e015b  <\/td>\n<td>100844<\/td>\n<td>Adobe Experience Manager Forms &#8211; Remote Code Execution &#8211; CVE:CVE-2025-54253<\/td>\n<td>N\/A<\/td>\n<td>Block<\/td>\n<td>This is a New Detection<\/td>\n<\/tr>\n<tr>\n<td>Cloudflare Managed Ruleset<\/td>\n<td>e76e65f5a3aa43f49e0684a6baec057a  <\/td>\n<td>100840<\/td>\n<td>Squid &#8211; Buffer Overflow &#8211; CVE:CVE-2025-54574<\/td>\n<td>N\/A<\/td>\n<td>Block<\/td>\n<td>This is a New Detection<\/td>\n<\/tr>\n<\/tbody>\n<\/table>","protected":false},"excerpt":{"rendered":"<p>This week\u2019s highlight focuses on two critical vulnerabilities affecting key infrastructure and enterprise content management platforms. Both flaws present significant remote code execution risks that can be exploited with minimal or no user interaction. Key Findings Squid (\u22646.3) \u2014 CVE-2025-54574: A heap buffer overflow occurs when processing Uniform Resource Names (URNs). This vulnerability may allow [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-30","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/30","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/comments?post=30"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/30\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/media?parent=30"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/categories?post=30"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/tags?post=30"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}