New CVE Detections
Cloudflare's WAF has been updated with new detection and blocking rules for two recently disclosed vulnerabilities affecting widely used software.
CVE-2025-68645: Zimbra Local File Inclusion
The first vulnerability affects Zimbra Collaboration Suite (ZCS) versions 10.0 and 10.1. This Local File Inclusion (LFI) vulnerability allows unauthenticated attackers to craft malicious requests to the /h/rest endpoint, which can improperly influence internal request dispatching and lead to arbitrary file inclusion from the WebRoot directory. This poses a significant risk to organizations running affected versions.
CVE-2025-31125: Vite Path Traversal
The second CVE affects Vite, the popular JavaScript frontend build tool. When Vite's development server is exposed to the network, attackers can use the ?inline&import query parameters to read files outside the allowed set, potentially exposing sensitive information and configuration data.
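For teams that want to check their own access logs for the two request shapes described above while the WAF rules roll out, the following is an added example of a log triage script; it is not Cloudflare's rule logic and not code from either project. It assumes a Combined-Log-Format access log (the sample lines are constructed) and uses two indicators taken from the descriptions on this page: a query string carrying both the inline and import parameters (the Vite case), and any request to the /h/rest endpoint (the Zimbra case, which is deliberately coarse because the page gives no finer signature, so those hits are for review rather than automatic blocking).

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (hypothetical clients and paths, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2026:10:00:00 +0000] "GET /assets/app.js HTTP/1.1" 200 1024
203.0.113.11 - - [01/Jan/2026:10:00:01 +0000] "GET /src/main.ts?inline&import HTTP/1.1" 200 512
203.0.113.12 - - [01/Jan/2026:10:00:02 +0000] "GET /h/rest/some/path HTTP/1.1" 200 2048
203.0.113.13 - - [01/Jan/2026:10:00:03 +0000] "GET /h/search?query=test HTTP/1.1" 200 64
203.0.113.14 - - [01/Jan/2026:10:00:04 +0000] "GET /src/main.ts?import HTTP/1.1" 200 512
"""

# Combined Log Format: client, identd, user, [timestamp], "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_request(target: str) -> Optional[str]:
    """Return a finding label for a request target, or None if it matches neither indicator.

    Labels are this example's own names, not Cloudflare rule names.
    """
    parts = urlsplit(target)
    # keep_blank_values=True matters: "?inline&import" has keys with no values,
    # and the default parse_qs silently drops them, which would miss the Vite case.
    params = parse_qs(parts.query, keep_blank_values=True)
    if "inline" in params and "import" in params:
        return "vite-inline-import"
    # Coarse Zimbra indicator: any request to /h/rest (flag for review, not a precise signature).
    if parts.path == "/h/rest" or parts.path.startswith("/h/rest/"):
        return "zimbra-h-rest"
    return None


def scan_log(text: str) -> list:
    """Parse each log line and collect requests that match an indicator."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        label = classify_request(m["target"])
        if label:
            findings.append({
                "ip": m["ip"],
                "rule": label,
                "target": m["target"],
                "status": m["status"],
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['rule']:<20} {f['ip']:<15} {f['status']} {f['target']}")
```

Run against a real log with `scan_log(open(path).read())`; the Vite match is a reasonably specific signature, while the /h/rest hits need the surrounding context (source, volume, response size) to tell ordinary client traffic from probing.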
WAF Rule Updates
Two new rules have been added to the Cloudflare Managed Ruleset:
- Zimbra LFI Detection (Rule ID: ...833761f7): Detects and blocks attempts to exploit the Zimbra vulnerability. Previous action was logging only; now set to block.
- Vite Path Traversal Detection (Rule ID: ...950ed8c8): Detects and blocks attempts to exploit the Vite vulnerability. Previous action was logging only; now set to block.
Both rules are now active and blocking by default, providing immediate protection for customers without requiring additional configuration.