This week’s release introduces new detections for CVE-2025-64459 and CVE-2025-24893.
Key Findings
- CVE-2025-64459: Django versions prior to 5.1.14, 5.2.8, and 4.2.26 are vulnerable to SQL injection via crafted dictionaries passed to QuerySet methods and the
Q()class. - CVE-2025-24893: XWiki allows unauthenticated remote code execution through crafted requests to the SolrSearch endpoint, affecting the entire installation.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 7a47683eacce4abd870ab2c630698ff3 | N/A | XWiki – Remote Code Execution – CVE:CVE-2025-24893 2 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | ad5c52f6ca334ef4a844e5e5da8ba7e6 | N/A | Django SQLI – CVE:CVE-2025-64459 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | f3a89a84e3744021a2f8e9291b138b3e | N/A | NoSQL, MongoDB – SQLi – Comparison | Block | Block | Changed the description of the rule. |
Source: Cloudflare
Latest Posts
- (Updated) Microsoft 365 Copilot: Researcher agent output formats [MC1224569]
- AWS Management Console now displays Account Name on the Navigation bar for easier account identification
- Amazon Connect launches an appeals workflow for agent performance evaluations
- AWS Lake Formation is now available in Asia Pacific (New Zealand) Region
![(Updated) Microsoft SharePoint: New web part for FAQs powered by Microsoft 365 Copilot [MC1074972]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-thisisengineering-3862132-150x150.webp "(Updated) Microsoft SharePoint: New web part for FAQs powered by Microsoft 365 Copilot [MC1074972] 6")
