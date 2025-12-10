 Skip to content
WAF Release - 2025-12-10 - Emergency

WAF

This additional week's emergency release introduces improvements to our existing rule for React – Remote Code Execution – CVE-2025-55182 - 2, along with two new generic detections covering server-side function exposure and resource-exhaustion patterns.

Key Findings

Enhanced detection logic for React – RCE – CVE-2025-55182, added Generic – Server Function Source Code Exposure, and added Generic – Server Function Resource Exhaustion.

Impact

These updates strengthen protection against React RCE exploitation attempts and broaden coverage for common server-function abuse techniques that may expose internal logic or disrupt application availability.

RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset N/AReact - Remote Code Execution - CVE:CVE-2025-55182 - 2N/ABlockThis is an improved detection.
Cloudflare Free Ruleset N/AReact - Remote Code Execution - CVE:CVE-2025-55182 - 2N/ABlockThis is an improved detection.
Cloudflare Managed Ruleset N/AGeneric - Server Function Source Code ExposureN/ABlockThis is a new detection.
Cloudflare Free Ruleset N/AGeneric - Server Function Source Code ExposureN/ABlockThis is a new detection.
Cloudflare Managed Ruleset N/AGeneric - Server Function Resource ExhaustionN/ADisabledThis is a new detection.