---
title: WAF Release - 2025-10-30 - Emergency
description: Cloudflare WAF managed rulesets 2025-10-30 emergency release
image: https://developers.cloudflare.com/changelog-preview.png
---

[Skip to content](#%5Ftop) 

# Changelog

New updates and improvements at Cloudflare.

[ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) 

![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) 

[ ← Back to all posts ](https://developers.cloudflare.com/changelog/) 

## WAF Release - 2025-10-30 - Emergency

Oct 30, 2025 

[ WAF ](https://developers.cloudflare.com/waf/) 

This week’s release introduces a new detection signature that enhances coverage for a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2025-61884.

**Key Findings**

The flaw is easily exploitable and allows an unauthenticated attacker with network access to compromise Oracle Configurator, which can grant access to sensitive resources and configuration data. The affected versions include 12.2.3 through 12.2.14.

**Impact**

Successful exploitation of CVE-2025-61884 may result in unauthorized access to critical business data or full exposure of information accessible through Oracle Configurator. Administrators are strongly advised to apply vendor's patches and recommended mitigations to reduce this exposure.

| Ruleset                    | Rule ID     | Legacy Rule ID | Description                                         | Previous Action | New Action | Comments                |
| -------------------------- | ----------- | -------------- | --------------------------------------------------- | --------------- | ---------- | ----------------------- |
| Cloudflare Managed Ruleset | ...8827402f | N/A            | Oracle E-Business Suite - SSRF - CVE:CVE-2025-61884 | N/A             | Block      | This is a New Detection |