The WAF rule deployed yesterday to block unsafe deserialization-based RCE has been updated. The rule description now reads “React – RCE – CVE-2025-55182”, explicitly mapping to the recently disclosed React Server Components vulnerability. Detection logic remains unchanged.
Key Findings
Rule description updated to reference React – RCE – CVE-2025-55182 while retaining existing unsafe-deserialization detection.
Impact
Improved classification and traceability with no change to coverage against remote code execution attempts.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 33aa8a8a948b48b28d40450c5fb92fba | N/A | React – RCE – CVE:CVE-2025-55182 | N/A | Block | Rule metadata description changed. Detection unchanged. |
| Cloudflare Free Ruleset | 2b5d06e34a814a889bee9a0699702280 | N/A | React – RCE – CVE:CVE-2025-55182 | N/A | Block | Rule metadata description changed. Detection unchanged. |
Source: Cloudflare
![(Updated) Consult and merge into a meeting or group call via Dual-Tone Multi-Frequency (DTMF) [MC1183611]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-pixabay-415574-150x150.webp "(Updated) Consult and merge into a meeting or group call via Dual-Tone Multi-Frequency (DTMF) [MC1183611] 6")
![(Updated) Microsoft 365 Copilot: Podcast voice interactions make audio experiences conversational [MC1183009]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-towfiqu-barbhuiya-3440682-11921157-96x96.webp "(Updated) Microsoft 365 Copilot: Podcast voice interactions make audio experiences conversational [MC1183009] 7")