Cloudflare changelogs | Application security
Cloudflare changelogs for Application security products
Subscribe now to Cloudflare changelogs | Application security RSS updates: https://developers.cloudflare.com/changelog/rss/application-security.xml
WAF - WAF Release - 2025-08-29 - Emergency
This week's update
This week, new critical vulnerabilities were disclosed in Next.js’s image optimization functionality, exposing a broad range of production environments to risks of data exposure and cache manipulation.
Key Findings
- CVE-2025-55173: Arbitrary file download from the server via image optimization.
- CVE-2025-57752: Cache poisoning leading to unauthorized data disclosure.
Impact
Exploitation could expose sensitive files, leak user or backend data, and undermine application trust. Given Next.js’s wide use, immediate patching and cache hardening are strongly advised.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | ea55f8aac44246cc9b827eea9ff4bfe3 | 100613 | Next.js - Dangerous File Download - CVE:CVE-2025-55173 | N/A | Block | This is a new detection |
| Cloudflare Managed Ruleset | e2b2d77a79cc4a76bf7ba53d69b9ea7d | 100616 | Next.js - Information Disclosure - CVE:CVE-2025-57752 | N/A | Block | This is a new detection |