Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770

On July 19, 2025, Microsoft disclosed CVE-2025-53770, a critical zero-day Remote Code Execution (RCE) vulnerability. Assigned a CVSS 3.1 base score of 9.8 (Critical), the vulnerability affects SharePoint Server 2016, 2019, and the Subscription Edition, along with unsupported 2010 and 2013 versions. Cloudflare’s WAF Managed Rules now includes 2 emergency releases that mitigate these vulnerabilities for WAF customers.

Unpacking CVE-2025-53770

The vulnerability's root cause is improper deserialization of untrusted data, which allows a remote, unauthenticated attacker to execute arbitrary code over the network without any user interaction. Moreover, what makes CVE-2025-53770 uniquely threatening is its methodology – the exploit chain, labeled "ToolShell." ToolShell is engineered to play the long-game: attackers are not only gaining temporary access, but also taking the server's cryptographic machine keys, specifically the ValidationKey and DecryptionKey. Possessing these keys allows threat actors to independently forge authentication tokens and __VIEWSTATE payloads, granting them persistent access that can survive standard mitigation strategies such as a server reboot or removing web shells.

In response to the active nature of these attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-53770 to its Known Exploited Vulnerabilities (KEV) catalog with an emergency remediation deadline. Continue reading

Shutdown season: the Q2 2025 Internet disruption summary

Cloudflare’s network currently spans more than 330 cities in over 125 countries, and we interconnect with over 13,000 network providers in order to provide a broad range of services to millions of customers. The breadth of both our network and our customer base provides us with a unique perspective on Internet resilience, enabling us to observe the impact of Internet disruptions at both a local and national level, as well as at a network level.

As we have noted in the past, this post is intended as a summary overview of observed and confirmed disruptions, and is not an exhaustive or complete list of issues that have occurred during the quarter. A larger list of detected traffic anomalies is available in the Cloudflare Radar Outage Center. Note that both bytes-based and request-based traffic graphs are used within the post to illustrate the impact of the observed disruptions — the choice of metric was generally made based on which better illustrated the impact of the disruption.

In our Q1 2025 summary post, we noted that we had not observed any government-directed Internet shutdowns during the quarter. Unfortunately, that forward progress was short-lived — in the second quarter of 2025, we Continue reading

NB535: Tomahawk Ultra Chops Congestion; Denmark Invests for Quantum Advantages

Take a Network Break! We begin with a listener question about a paper critiquing Shor’s Algorithm and quantum computing, and touch on a remote code execution vulnerability in Riverbed SteelCentral NetProfiler / NetExpress 10.8.7. We discuss a Cloudflare BGP misconfiguration that caused the Internet to hiccup, Broadcom’s new Tomahawk Ultra ASIC aimed for–you guessed it–AI... Read more »

Always Check Your Tests Against Faulty Inputs

A while ago, I published a blog post proudly describing the netlab integration test that should check for incorrect OSPF network types in netlab-generated device configurations. Almost immediately, Erik Auerswald pointed out that my test wouldn’t detect that error (it might detect other errors, though) as the OSPF network adjacency is always established even when the adjacent routers have mismatching OSPF network types.

I made one of the oldest testing mistakes: I checked whether my test would work under the correct conditions but not whether it would detect an incorrect condition.

Read more …

How the Free Software Foundation Battles the LLM Bots

A Ian Kelling points out that the infrastructure for the Free Software Foundation “has been under attack since August 2024.” “Nothing has changed since the article,” FSF sysadmin a report from LibreNews noting similar issues at high-profile FOSS sites including the Fedora project, KDE GitLab infrastructure, the GNOME GitLab instance, Diaspora, and even the FOSS news site Linux Weekly News. (And “GNOME has been experiencing issues since a last November…”) Articles like the FSF’s are a way of sharing “techniques and tools”, McMahon said Tuesday. Though he adds that some system administrators also have a private mailing list “where we can coordinate and share effective strategies. The specific mitigations often cannot be published because that would give our attackers an advantage.” There’s a lot to learn from the FSF’s battle against the bots — about the tactics of sysadmins, but also about Continue reading

Immich Setup with Docker & External Library (NFS)

Immich Setup with Docker & External Library (NFS)

Recently, I started self-hosting most of the apps I use, like Memos for note-taking and Paperless-NGX for document management. The next one on the list was Immich. Immich is a self-hosted photo and video backup solution that supports features like facial recognition and automatic uploads.

Memos - Amazing Open Source, Self-hosted Notes App
That being said, I recently stumbled upon another great self-hosted note-taking app called ‘Memos’ I just couldn’t believe that I didn’t know about this until very recently.
Immich Setup with Docker & External Library (NFS)PacketswitchSuresh Vina
Immich Setup with Docker & External Library (NFS)
Paperless-ngx - Self-Hosted Document Manager
I came across a great self-hosted document manager called ‘Paperless-NGX’. It not only helps with organising documents but also includes OCR functionality
Immich Setup with Docker & External Library (NFS)PacketswitchSuresh Vina
Immich Setup with Docker & External Library (NFS)

In this post, we’ll look at how to set up Immich as a Docker container and also how to add an NFS share as an external library.

But, Why?

I have a lot of pictures on my NAS that I’ve collected over the years. This includes photos of friends, family, and ones from my older phones. I wanted a way to manage and organise them from one place. I also didn’t want to upload all of them to Google or Apple, which would cost quite a bit. Continue reading

HN788: Behind Megaport’s Network Automation Platform (Sponsored)

We have a network automation discussion for you today from sponsor Megaport. At the AutoCon3 conference earlier this year, Luke Gollan presented on a complex network automation project migrating Megaport’s API-driven software defined network from a legacy VXC overlay to an EVPN framework. This helped improve scalability, but was fraught with practical challenges, not the... Read more »

Cisco IOS/XE Hates Redistributed Static IPv6 Routes

Writing tests that check the correctness of network device configurations is hard (overview, more details). It’s also an interesting exercise in getting the timing just right:

  • Routing protocols are an eventually-consistent distributed system, and things eventually appear in the right place (if you got the configurations right), but you never know when exactly that will happen.
  • You can therefore set some reasonable upper bounds on when things should happen, and declare failure if the timeouts are exceeded. Even then, you’ll get false positives (as in: the test is telling you the configurations are incorrect, when it’s just a device having a bad hair day).

And just when you think you nailed it, you encounter a device that blows your assumptions out of the water.

Read more …

Worth Reading 071725


Is Your Wi-Fi Router Tracking Your Browsing? Here’s What 30,000 Words of Privacy Policies Revealed.


Browser Dating wants your search history — all of it. Your 3 a.m. Reddit rabbit holes, your medical anxieties, your peculiar curiosities about President Trump’s hair, and whether cats plot murder.


Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in 20% performance boost.


Each time you swipe a loyalty card, you’re not just saving on groceries—you’re feeding a powerful data machine known as retail media.


Over the last ten years, more than 600 million websites have been secured with free certificates from Let’s Encrypt. Here’s how it all began and why.

IPB179: IPv6 DNS Gotchas

Let’s talk about common misconceptions regarding DNS and IPv6. We’ve heard these often enough that we felt we should talk through each one. We cover issues including what kind of DNS record types can be returned via IPv6 (and IPv4, too), more details on what really goes on with Happy Eyeballs, and combining A/AAAA records... Read more »

Broadcom Tries To Kill InfiniBand And NVSwitch With One Ethernet Stone

InfiniBand was always supposed to be a mainstream fabric to be used across PCs, servers, storage, and networks, but the effort collapsed and the remains of the InfiniBand effort found a second life at the turn of the millennium as a high performance, low latency interconnect for supercomputers running simulations and models.

Broadcom Tries To Kill InfiniBand And NVSwitch With One Ethernet Stone was written by Timothy Prickett Morgan at The Next Platform.

Quicksilver v2: evolution of a globally distributed key-value store (Part 2)

What is Quicksilver?

Cloudflare has servers in 330 cities spread across 125+ countries. All of these servers run Quicksilver, which is a key-value database that contains important configuration information for many of our services, and is queried for all requests that hit the Cloudflare network.

Because it is used while handling requests, Quicksilver is designed to be very fast; it currently responds to 90% of requests in less than 1 ms and 99.9% of requests in less than 7 ms. Most requests are only for a few keys, but some are for hundreds or even more keys.

Quicksilver currently contains over five billion key-value pairs with a combined size of 1.6 TB, and it serves over three billion keys per second, worldwide. Keeping Quicksilver fast provides some unique challenges, given that our dataset is always growing, and new use cases are added regularly.

Quicksilver used to store all key-values on all servers everywhere, but there is obviously a limit to how much disk space can be used on every single server. For instance, the more disk space used by Quicksilver, the less disk space is left for content caching. Also, with each added server that contains a particular Continue reading

The World’s Most Powerful Server Embiggens A Bit With Power11

If you need a big, badass box that can support tens of terabytes of memory, dozens of PCI-Express peripheral slots, thousands of directly attached storage devices, all feeding into hundreds of cores that can span that memory footprint with lots of bandwidth, you do not have a lot of options.

The World’s Most Powerful Server Embiggens A Bit With Power11 was written by Timothy Prickett Morgan at The Next Platform.

1 34 35 36 37 38 3,836