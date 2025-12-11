Changelog
WAF Release - 2025-12-11 - Emergency
This emergency release introduces rules for CVE-2025-55183 and CVE-2025-55184, targeting server-side function exposure and resource-exhaustion patterns, respectively.
Key Findings
Added coverage for Leaking Server Functions (CVE-2025-55183) and React Function DoS detection (CVE-2025-55184).
Impact
These updates strengthen protection for server-function abuse techniques (CVE-2025-55183, CVE-2025-55184) that may expose internal logic or disrupt application availability.
|Ruleset
|Rule ID
|Legacy Rule ID
|Description
|Previous Action
|New Action
|Comments
|Cloudflare Managed Ruleset
|N/A
|React - Leaking Server Functions - CVE:CVE-2025-55183
|N/A
|Block
|This was labeled as Generic - Server Function Source Code Exposure.
|Cloudflare Free Ruleset
|N/A
|React - Leaking Server Functions - CVE:CVE-2025-55183
|N/A
|Block
|This was labeled as Generic - Server Function Source Code Exposure.
|Cloudflare Managed Ruleset
|N/A
|React - DoS - CVE:CVE-2025-55184
|N/A
|Disabled
|This was labeled as Generic – Server Function Resource Exhaustion.