WAF – WAF Release – 2025-09-04 – Emergency

This week’s update

This week, new critical vulnerabilities were disclosed in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP), affecting versions 9.0 through 9.3 and 10.0 through 10.4. The flaws stem from insecure data deserialization and unsafe code reflection, leaving affected systems at high risk of exploitation.

Key Findings

  • CVE-2025-53690: Remote Code Execution through Insecure Deserialization
  • CVE-2025-53691: Remote Code Execution through Insecure Deserialization
  • CVE-2025-53693: HTML Cache Poisoning through Unsafe Reflections

Impact

Exploitation could allow an attacker to execute arbitrary code remotely on an affected system and to conduct cache poisoning attacks, potentially leading to further compromise. Applying the vendor's latest fix without delay is strongly recommended.

| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 588edc74df1f4609b3c2f7ef0ee2c15e | 100878 | Sitecore – Remote Code Execution – CVE:CVE-2025-53691 | N/A | Block | This is a new detection |
| Cloudflare Managed Ruleset | d1bd7563e6254db48ce703807c5b669c | 100631 | Sitecore – Cache Poisoning – CVE:CVE-2025-53693 | N/A | Block | This is a new detection |
| Cloudflare Managed Ruleset | ed94c7ce5301411a94a21a096c410240 | 100879 | Sitecore – Remote Code Execution – CVE:CVE-2025-53690 | N/A | Block | This is a new detection |

Source: Cloudflare
