
WAF - WAF Release - 2026-02-02


This week’s release introduces new detections for CVE-2025-64459 and CVE-2025-24893.

Key Findings

CVE-2025-64459: Django versions prior to 5.1.14, 5.2.8, and 4.2.26 are vulnerable to SQL injection via crafted dictionaries passed to QuerySet methods and the Q() class.

CVE-2025-24893: XWiki allows unauthenticated remote code execution through crafted requests to the SolrSearch endpoint, affecting the entire installation.

| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 7a47683eacce4abd870ab2c630698ff3 | N/A | XWiki - Remote Code Execution - CVE:CVE-2025-24893 2 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | ad5c52f6ca334ef4a844e5e5da8ba7e6 | N/A | Django SQLI - CVE:CVE-2025-64459 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 8f0d5c98bd24460a9305a1558d667511 | N/A | NoSQL, MongoDB - SQLi - Comparison - 2 | Block | Block | Rule metadata description refined. Detection unchanged. |
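An application-side check that complements the Django rule above (an added example, not Cloudflare or Django code): it allowlists the keys of a request-derived dictionary before the dictionary is expanded into `filter(**kwargs)` or `Q(**kwargs)`, so internal keyword arguments of `Q()` such as `_connector` and `_negated` are never accepted from a client. The field names, lookups, function name and sample inputs are assumptions made for illustration.

```python
# Added example: allowlist validation for client-supplied filter dictionaries.
# Field names and lookups are assumptions for a hypothetical article endpoint.
ALLOWED_FIELDS = frozenset({"title", "author", "published"})
ALLOWED_LOOKUPS = frozenset({"exact", "iexact", "icontains", "gte", "lte"})
SCALARS = (str, int, float)  # nested dicts and lists are never valid values here


class RejectedFilter(ValueError):
    """Raised when a client-supplied filter is not on the allowlist."""


def safe_filter_kwargs(params):
    """Return a dict that is safe to expand into filter(**kwargs) or Q(**kwargs).

    Every key must be `<field>` or `<field>__<lookup>` with both parts
    allowlisted, so keys such as `_connector` or `_negated` are rejected
    along with unknown fields, relation traversal and unlisted lookups.
    """
    if not isinstance(params, dict):
        raise RejectedFilter("filter parameters must be a JSON object")
    cleaned = {}
    for key, value in params.items():
        field, sep, lookup = str(key).partition("__")
        if field not in ALLOWED_FIELDS:
            raise RejectedFilter(f"field not allowed: {key!r}")
        if sep and lookup not in ALLOWED_LOOKUPS:
            raise RejectedFilter(f"lookup not allowed: {key!r}")
        if not isinstance(value, SCALARS):
            raise RejectedFilter(f"value must be a string or number: {key!r}")
        # Normalise to an explicit lookup so the ORM never sees a bare key.
        cleaned[f"{field}__{lookup or 'exact'}"] = value
    return cleaned


# Constructed sample inputs (not taken from real traffic).
SAMPLE_OK = {"title__icontains": "waf", "published__gte": "2026-01-01"}
SAMPLE_BAD = {"title": "waf", "_connector": "OR"}

if __name__ == "__main__":
    print(safe_filter_kwargs(SAMPLE_OK))
    try:
        safe_filter_kwargs(SAMPLE_BAD)
    except RejectedFilter as exc:
        print("rejected:", exc)
```

In a Django view the returned dictionary would be passed as `Model.objects.filter(**safe_filter_kwargs(data))`; upgrading to a fixed Django release remains the primary fix.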

Fetched April 4, 2026