2025-05-19 · Cloudflare Web Application Firewall (WAF) docs | Latest TMZ Celebrity News & Gossip | Watch TMZ Live Skip to content
Cloudflare Docs

2025-05-19

This week's analysis covers four vulnerabilities, with three rated critical due to their Remote Code Execution (RCE) potential. One targets a high-traffic frontend platform, while another targets a popular content management system. These detections are now part of the Cloudflare Managed Ruleset in Block mode.

Key Findings

  • Commvault Command Center (CVE-2025-34028) exposes an unauthenticated RCE via insecure command injection paths in the web UI. This is critical due to its use in enterprise backup environments.
  • BentoML (CVE-2025-27520) reveals an exploitable vector where serialized payloads in model deployment APIs can lead to arbitrary command execution. This targets modern AI/ML infrastructure.
  • Craft CMS (CVE-2024-56145) allows RCE through template injection in unauthenticated endpoints. It poses a significant risk for content-heavy websites with plugin extensions.
  • Apache HTTP Server (CVE-2024-38475) discloses sensitive server config data due to misconfigured mod_proxy behavior. While not RCE, this is useful for pre-attack recon.

Impact

These newly detected vulnerabilities introduce critical risk across modern web stacks, AI infrastructure, and content platforms: unauthenticated RCEs in Commvault, BentoML, and Craft CMS enable full system compromise with minimal attacker effort.

Apache HTTPD information leak can support targeted reconnaissance, increasing the success rate of follow-up exploits. Organizations using these platforms should prioritize patching and monitor for indicators of exploitation using updated WAF detection rules.

RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset 100745Apache HTTP Server - Information Disclosure - CVE:CVE-2024-38475LogBlockThis is a New Detection
Cloudflare Managed Ruleset 100747Commvault Command Center - Remote Code Execution - CVE:CVE-2025-34028LogBlockThis is a New Detection
Cloudflare Managed Ruleset 100749BentoML - Remote Code Execution - CVE:CVE-2025-27520LogDisabledThis is a New Detection
Cloudflare Managed Ruleset 100753Craft CMS - Remote Code Execution - CVE:CVE-2024-56145LogBlockThis is a New Detection

TMZ Celebrity News – Breaking Stories, Videos & Gossip

Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.

Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.

🎥 Watch TMZ Live

TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.