WAF Release - 2025-09-22
This week emphasizes two critical vendor-specific vulnerabilities: a full elevation-of-privilege in Microsoft Azure Networking (CVE-2025-54914) and a server-side template injection (SSTI) leading to remote code execution (RCE) in Skyvern (CVE-2025-49619). These are complemented by enhancements in generic detections (SQLi, SSRF) to improve baseline coverage.
Key Findings
-
Azure (CVE-2025-54914): Vulnerability in Azure Networking allowing elevation of privileges.
-
Skyvern (CVE-2025-49619): Skyvern ≤ 0.1.85 has a server-side template injection (SSTI) vulnerability in its Prompt field (workflow blocks) via Jinja2. Authenticated users with low privileges can get remote code execution (blind).
-
Generic SQLi / SSRF improvements: Expanded rule coverage to detect obfuscated SQL injection patterns and SSRF across host, local, and cloud contexts.
Impact
These vulnerabilities allow attackers to escalate privileges or execute code under conditions where previously they could not:
-
Azure CVE-2025-54914 enables an attacker from the network with no credentials to gain high-level access within Azure Networking; could lead to full compromise of networking components.
-
Skyvern CVE-2025-49619 allows authenticated users with minimal privilege to exploit SSTI for remote code execution, undermining isolation of workflow components.
-
The improvements for SQLi and SSRF reduce risk from common injection and request-based attacks.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 100146 | SSRF - Host - 2 | Log | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | 100146B | SSRF - Local - 2 | Log | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | 100146C | SSRF - Cloud - 2 | Log | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | 100714 | Azure - Auth Bypass - CVE:CVE-2025-54914 | Log | Block | This is a New Detection | |
| Cloudflare Managed Ruleset | 100758 | Skyvern - Remote Code Execution - CVE:CVE-2025-49619 | Log | Block | This is a New Detection | |
| Cloudflare Managed Ruleset | 100773 | Next.js - SSRF | Log | Block | This is a New Detection | |
| Cloudflare Managed Ruleset | 100774 | Adobe Commerce - Remote Code Execution - CVE:CVE-2025-54236 | Log | Block | This is a New Detection | |
| Cloudflare Managed Ruleset | 100800_BETA | SQLi - Obfuscated Boolean - Beta | Log | Block | This rule has been merged into the original rule (ID: |
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark