{"id":56,"date":"2025-12-03T00:00:00","date_gmt":"2025-12-03T00:00:00","guid":{"rendered":"https:\/\/wordpress.securinsight.ca\/index.php\/2025\/12\/03\/waf-waf-release-2025-12-03-emergency\/"},"modified":"2025-12-03T00:00:00","modified_gmt":"2025-12-03T00:00:00","slug":"waf-waf-release-2025-12-03-emergency","status":"publish","type":"post","link":"https:\/\/wordpress.securinsight.ca\/index.php\/2025\/12\/03\/waf-waf-release-2025-12-03-emergency\/","title":{"rendered":"WAF &#8211; WAF Release &#8211; 2025-12-03 &#8211; Emergency"},"content":{"rendered":"<p>The WAF rule deployed yesterday to block unsafe deserialization-based RCE has been updated. The rule description now reads \u201cReact \u2013 RCE \u2013 CVE-2025-55182\u201d, explicitly mapping to the recently disclosed React Server Components vulnerability. Detection logic remains unchanged.<\/p>\n<p><strong>Key Findings<\/strong><\/p>\n<p>Rule description updated to reference React \u2013 RCE \u2013 CVE-2025-55182 while retaining existing unsafe-deserialization detection.<\/p>\n<p><strong>Impact<\/strong><\/p>\n<p>Improved classification and traceability with no change to coverage against remote code execution attempts.<\/p>\n<table>\n<thead>\n<tr>\n<th>Ruleset<\/th>\n<th>Rule ID<\/th>\n<th>Legacy Rule ID<\/th>\n<th>Description<\/th>\n<th>Previous Action<\/th>\n<th>New Action<\/th>\n<th>Comments<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Cloudflare Managed Ruleset<\/td>\n<td>33aa8a8a948b48b28d40450c5fb92fba  <\/td>\n<td>N\/A<\/td>\n<td>React &#8211; RCE &#8211; CVE:CVE-2025-55182<\/td>\n<td>N\/A<\/td>\n<td>Block<\/td>\n<td>Rule metadata description changed. Detection unchanged.<\/td>\n<\/tr>\n<tr>\n<td>Cloudflare Free Ruleset<\/td>\n<td>2b5d06e34a814a889bee9a0699702280  <\/td>\n<td>N\/A<\/td>\n<td>React &#8211; RCE &#8211; CVE:CVE-2025-55182<\/td>\n<td>N\/A<\/td>\n<td>Block<\/td>\n<td>Rule metadata description changed. Detection unchanged.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>","protected":false},"excerpt":{"rendered":"<p>The WAF rule deployed yesterday to block unsafe deserialization-based RCE has been updated. The rule description now reads \u201cReact \u2013 RCE \u2013 CVE-2025-55182\u201d, explicitly mapping to the recently disclosed React Server Components vulnerability. Detection logic remains unchanged. Key Findings Rule description updated to reference React \u2013 RCE \u2013 CVE-2025-55182 while retaining existing unsafe-deserialization detection. Impact [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-56","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/56","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/comments?post=56"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/56\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/media?parent=56"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/categories?post=56"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/tags?post=56"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}