WAF Release - 2025-12-11 - Emergency
This emergency release introduces rules for CVE-2025-55183 and CVE-2025-55184, targeting server-side function exposure and resource-exhaustion patterns, respectively.
Key Findings
Added coverage for Leaking Server Functions (CVE-2025-55183) and React Function DoS detection (CVE-2025-55184).
Impact
These updates strengthen protection for server-function abuse techniques (CVE-2025-55183, CVE-2025-55184) that may expose internal logic or disrupt application availability.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | N/A | React - Leaking Server Functions - CVE:CVE-2025-55183 | N/A | Block | This was labeled as Generic - Server Function Source Code Exposure. | |
| Cloudflare Free Ruleset | N/A | React - Leaking Server Functions - CVE:CVE-2025-55183 | N/A | Block | This was labeled as Generic - Server Function Source Code Exposure. | |
| Cloudflare Managed Ruleset | N/A | React - DoS - CVE:CVE-2025-55184 | N/A | Disabled | This was labeled as Generic – Server Function Resource Exhaustion. |
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
