This week's update

This week's focus highlights newly disclosed vulnerabilities in DevOps tooling, data visualization platforms, and enterprise CMS solutions. These issues include sensitive information disclosure and remote code execution, putting organizations at risk of credential leakage, unauthorized access, and full system compromise.

Key Findings

Argo CD (CVE-2025-55190): Exposure of sensitive information could allow attackers to access credential data stored in configurations, potentially leading to compromise of Kubernetes workloads and secrets.
DataEase (CVE-2025-57773): Insufficient input validation enables JNDI injection and insecure deserialization, resulting in remote code execution (RCE). Successful exploitation grants attackers control over the application server.
Sitecore (CVE-2025-53694): A sensitive information disclosure flaw allows unauthorized access to confidential information stored in Sitecore deployments, raising the risk of data breaches and privilege escalation.

Impact

These vulnerabilities expose organizations to serious risks, including credential theft, unauthorized access, and full system compromise. Argo CD's flaw may expose Kubernetes secrets, DataEase exploitation could give attackers remote execution capabilities, and Sitecore's disclosure issue increases the likelihood of sensitive data leakage and business impact.

Administrators are strongly advised to apply vendor patches immediately, rotate exposed credentials, and review access controls to mitigate these risks.

Ruleset

Rule ID

Legacy Rule ID

Description

Previous Action...

剩余内容已隐藏

查看完整文章以阅读更多

查看完整文章

Cloudflare changelogs | Application security

Cloudflare changelogs for Application security products

马上订阅 Cloudflare changelogs | Application security RSS 更新: https://developers.cloudflare.com/changelog/rss/application-security.xml

WAF - WAF Release - 2025-09-15

2025年9月15日 08:00

WAF

This week's update

Key Findings

Argo CD (CVE-2025-55190): Exposure of sensitive information could allow attackers to access credential data stored in configurations, potentially leading to compromise of Kubernetes workloads and secrets.
DataEase (CVE-2025-57773): Insufficient input validation enables JNDI injection and insecure deserialization, resulting in remote code execution (RCE). Successful exploitation grants attackers control over the application server.
Sitecore (CVE-2025-53694): A sensitive information disclosure flaw allows unauthorized access to confidential information stored in Sitecore deployments, raising the risk of data breaches and privilege escalation.

Impact

Administrators are strongly advised to apply vendor patches immediately, rotate exposed credentials, and review access controls to mitigate these risks.

Ruleset

Rule ID

Legacy Rule ID

Description

Previous Action...

剩余内容已隐藏

查看完整文章以阅读更多

查看完整文章

Cloudflare changelogs | Application security

Cloudflare changelogs for Application security products

马上订阅 Cloudflare changelogs | Application security RSS 更新: https://developers.cloudflare.com/changelog/rss/application-security.xml

WAF - WAF Release - 2025-09-15

2025年9月15日 08:00

WAF

This week's update

Key Findings

Argo CD (CVE-2025-55190): Exposure of sensitive information could allow attackers to access credential data stored in configurations, potentially leading to compromise of Kubernetes workloads and secrets.
DataEase (CVE-2025-57773): Insufficient input validation enables JNDI injection and insecure deserialization, resulting in remote code execution (RCE). Successful exploitation grants attackers control over the application server.
Sitecore (CVE-2025-53694): A sensitive information disclosure flaw allows unauthorized access to confidential information stored in Sitecore deployments, raising the risk of data breaches and privilege escalation.

Impact

Administrators are strongly advised to apply vendor patches immediately, rotate exposed credentials, and review access controls to mitigate these risks.

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action... 剩余内容已隐藏查看完整文章以阅读更多查看完整文章