---
title: WAF Release - 2025-12-01
description: Cloudflare WAF managed rulesets 2025-12-01 release
image: https://developers.cloudflare.com/changelog-preview.png
---

[Skip to content](#%5Ftop) 

# Changelog

New updates and improvements at Cloudflare.

[ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) 

![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) 

[ ← Back to all posts ](https://developers.cloudflare.com/changelog/) 

## WAF Release - 2025-12-01

Dec 01, 2025 

[ WAF ](https://developers.cloudflare.com/waf/) 

This week’s release introduces new detections for remote code execution attempts targeting Monsta FTP (CVE-2025-34299), alongside improvements to an existing XSS detection to enhance coverage.

**Key Findings**

* CVE-2025-34299 is a critical remote code execution flaw in Monsta FTP, arising from improper handling of user-supplied parameters within the file-handling interface. Certain builds allow crafted requests to bypass sanitization and reach backend PHP functions that execute arbitrary commands. Attackers can send manipulated parameters through the web panel to trigger command execution within the application’s runtime environment.

**Impact**

If exploited, the vulnerability enables full remote command execution on the underlying server, allowing takeover of the hosting environment, unauthorized file access, and potential lateral movement. As the flaw can be triggered without authentication on exposed Monsta FTP instances, it represents a severe risk for publicly reachable deployments.

| Ruleset                    | Rule ID     | Legacy Rule ID | Description                                             | Previous Action | New Action | Comments                                                                                 |
| -------------------------- | ----------- | -------------- | ------------------------------------------------------- | --------------- | ---------- | ---------------------------------------------------------------------------------------- |
| Cloudflare Managed Ruleset | ...a4fcc8a8 | N/A            | Monsta FTP - Remote Code Execution - CVE:CVE-2025-34299 | Log             | Block      | This is a new detection                                                                  |
| Cloudflare Managed Ruleset | ...b7492846 | N/A            | XSS - JS Context Escape - Beta                          | Log             | Block      | This rule is merged into the original rule "XSS - JS Context Escape" (ID: ...7a3769d3  ) |