This week’s release introduces new detections for CVE-2025-68645 and CVE-2025-31125.
Key Findings
- CVE-2025-68645: A Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 allows unauthenticated remote attackers to craft requests to the
/h/restendpoint, improperly influence internal dispatching, and include arbitrary files from the WebRoot directory. - CVE-2025-31125: Vite, the JavaScript frontend tooling framework, exposes content of non-allowed files via
?inline&importwhen its development server is network-exposed, enabling unauthorized attackers to read arbitrary files and potentially leak sensitive information.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 695d76ff756844d384cab548833761f7 | N/A | Zimbra – Local File Inclusion – CVE:CVE-2025-68645 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 38fff9f3deba46a2abc10a8f950ed8c8 | N/A | Vite – WASM Import Path Traversal – CVE:CVE-2025-31125 | Log | Block | This is a new detection. |
Source: Cloudflare
Latest Posts
- Amazon Bedrock AgentCore Runtime now supports stateful MCP server features
- Amazon Bedrock now supports observability of First Token Latency and Quota Consumption
- Browser Rendering – Crawl entire websites with a single API call using Browser Rendering
- Zero Trust WARP Client – WARP client for macOS (version 2026.3.566.1)
