Skip to content
Cloudflare Docs

2025-04-22

Each of this week's rule releases covers a distinct CVE, with half of the rules targeting Remote Code Execution (RCE) attacks. Of the 6 CVEs covered, four were scored as critical, with the other two scored as high.

When deciding which exploits to tackle, Cloudflare tunes into the attackers' areas of focus. Cloudflare's network intelligence provides a unique lens into attacker activity – for instance, through the volume of blocked requests related with CVE exploits after updating WAF Managed Rules with new detections.

From this week's releases, one indicator that RCE is a "hot topic" attack type is the fact that the Oracle PeopleSoft RCE rule accounts for half of all of the new rule matches. This rule patches CVE-2023-22047, a high-severity vulnerability in the Oracle PeopleSoft suite that allows unauthenticated attackers to access PeopleSoft Enterprise PeopleTools data through remote code execution. This is particularly concerning because of the nature of the data managed by PeopleSoft – this can include payroll records or student profile information. This CVE, along with five others, are addressed with the latest detection update to WAF Managed Rules.

RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset 100738GitLab - Auth Bypass - CVE:CVE-2023-7028LogDisabledThis is a New Detection
Cloudflare Managed Ruleset 100740Splunk Enterprise - Remote Code Execution - CVE:CVE-2025-20229LogDisabledThis is a New Detection
Cloudflare Managed Ruleset 100741Oracle PeopleSoft - Remote Code Execution - CVE:CVE-2023-22047LogDisabledThis is a New Detection
Cloudflare Managed Ruleset 100742CrushFTP - Auth Bypass - CVE:CVE-2025-31161LogDisabledThis is a New Detection
Cloudflare Managed Ruleset 100743Ivanti - Buffer Error - CVE:CVE-2025-22457LogDisabledThis is a New Detection
Cloudflare Managed Ruleset 100744

Oracle Access Manager - Remote Code Execution - CVE:CVE-2021-35587

LogDisabledThis is a New Detection