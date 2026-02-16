 Skip to content
WAF Release - 2026-02-16

WAF

This week’s release introduces new detections for CVE-2025-68645 and CVE-2025-31125.

Key Findings

  • CVE-2025-68645: A Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 allows unauthenticated remote attackers to craft requests to the /h/rest endpoint, improperly influence internal dispatching, and include arbitrary files from the WebRoot directory.
  • CVE-2025-31125: Vite, the JavaScript frontend tooling framework, exposes content of non-allowed files via ?inline&import when its development server is network-exposed, enabling unauthorized attackers to read arbitrary files and potentially leak sensitive information.
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset N/AZimbra - Local File Inclusion - CVE:CVE-2025-68645LogBlockThis is a new detection.
Cloudflare Managed Ruleset N/AVite - WASM Import Path Traversal - CVE:CVE-2025-31125LogBlockThis is a new detection.