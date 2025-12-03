Changelog
WAF Release - 2025-12-03 - Emergency
The WAF rule deployed yesterday to block unsafe deserialization-based RCE has been updated. The rule description now reads “React – RCE – CVE-2025-55182”, explicitly mapping to the recently disclosed React Server Components vulnerability. Detection logic remains unchanged.
Key Findings
Rule description updated to reference React – RCE – CVE-2025-55182 while retaining existing unsafe-deserialization detection.
Impact
Improved classification and traceability with no change to coverage against remote code execution attempts.
|Ruleset
|Rule ID
|Legacy Rule ID
|Description
|Previous Action
|New Action
|Comments
|Cloudflare Managed Ruleset
|N/A
|React - RCE - CVE:CVE-2025-55182
|N/A
|Block
|Rule metadata description changed. Detection unchanged.
|Cloudflare Free Ruleset
|N/A
|React - RCE - CVE:CVE-2025-55182
|N/A
|Block
|Rule metadata description changed. Detection unchanged.