New updates and improvements at Cloudflare.

WAF Release - 2025-12-11 - Emergency

WAF

This emergency release introduces rules for CVE-2025-55183 and CVE-2025-55184, targeting server-side function exposure and resource-exhaustion patterns, respectively.

Key Findings

Added coverage for Leaking Server Functions (CVE-2025-55183) and React Function DoS detection (CVE-2025-55184).

Impact

These updates strengthen protection against server-function abuse techniques (CVE-2025-55183, CVE-2025-55184) that may expose internal logic or disrupt application availability.

| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Cloudflare Managed Ruleset | | N/A | React - Leaking Server Functions - CVE:CVE-2025-55183 | N/A | Block | This was labeled as Generic - Server Function Source Code Exposure. |
| Cloudflare Free Ruleset | | N/A | React - Leaking Server Functions - CVE:CVE-2025-55183 | N/A | Block | This was labeled as Generic - Server Function Source Code Exposure. |
| Cloudflare Managed Ruleset | | N/A | React - DoS - CVE:CVE-2025-55184 | N/A | Disabled | This was labeled as Generic – Server Function Resource Exhaustion. |