![[The AI Show Episode 146]: Rise of “AI-First” Companies, AI Job Disruption, GPT-4o Update Gets Rolled Back, How Big Consulting Firms Use AI, and Meta AI App](https://www.marketingaiinstitute.com/hubfs/ep%20146%20cover.png)
![[DEALS] The Premium Python Programming PCEP Certification Prep Bundle (67% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
-Mafia-The-Old-Country---The-Initiation-Trailer-00-00-54.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
-Nintendo-Switch-2---Reveal-Trailer-00-01-52.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
_Sergey_Tarasov_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Instacart’s new Fizz alcohol delivery app is aimed at Gen Z [U]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/05/Instacarts-new-Fizz-alcohol-delivery-app-is-aimed-at-Gen-Z.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![[Update] A renewed Pixel Watch 2 is a steal at under $80 on Amazon](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/10/Pixel-Watch-2-in-pocket-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=tracking}
![Beats Studio Pro Wireless Headphones Now Just $169.95 - Save 51%! [Deal]](https://www.iclarified.com/images/news/97258/97258/97258-640.jpg)
Radware Cloud Web App Firewall Vulnerability Let Attackers Bypass Filters
Security researchers have uncovered critical vulnerabilities in Radware’s Cloud Web Application Firewall (WAF) that could allow attackers to completely bypass security filters, potentially exposing underlying web applications to various attacks. The vulnerabilities, tracked as CVE-2024-56523 and CVE-2024-56524, were publicly disclosed by CERT/CC on May 7, 2025, raising significant concerns for organizations relying on this security […] The post Radware Cloud Web App Firewall Vulnerability Let Attackers Bypass Filters appeared first on Cyber Security News.
Security researchers have uncovered critical vulnerabilities in Radware’s Cloud Web Application Firewall (WAF) that could allow attackers to completely bypass security filters, potentially exposing underlying web applications to various attacks.
The vulnerabilities, tracked as CVE-2024-56523 and CVE-2024-56524, were publicly disclosed by CERT/CC on May 7, 2025, raising significant concerns for organizations relying on this security solution.
Radware Cloud Web Application Firewall Vulnerability
Researchers discovered two distinct methods to circumvent Radware’s Cloud WAF protections. The first vulnerability (CVE-2024-56523) involves sending specially crafted HTTP GET requests containing random data in the request body.
When formatted in this specific manner, the WAF fails to properly filter the request, allowing potentially malicious content to reach the protected application.
The second vulnerability (CVE-2024-56524) exploits an insufficient validation of user-supplied input when processing special characters. By adding certain special characters to requests, attackers can cause the firewall to fail its filtering function, allowing various payloads to bypass security controls and reach the underlying web application.
“This represents a significant security issue for organizations relying solely on WAF technology for their application security posture,” noted security experts familiar with the matter.
VulDB has classified the vulnerability as critical with a CVSS meta-temperature score of 5.3, indicating moderate severity but notable risk. The most concerning aspect is that attackers with knowledge of these vulnerabilities could deliver malicious inputs directly to web applications that would normally be blocked by the WAF.
Security experts emphasize that WAFs serve as a critical defense against numerous web-based threats by blocking, filtering, and monitoring traffic.
Their primary purpose is to mitigate the risk of data breaches by preventing unauthorized data exposure. These bypass techniques potentially undermine this essential security layer.
According to CERT/CC, the vulnerabilities appear to have been fixed in recent updates. However, as of the disclosure date, Radware has reportedly not acknowledged the findings when security researcher Oriol Gegundez initially reported them.
Japanese security publication Security NEXT reported that while CERT/CC indicates the issues may be patched, detailed information about the vulnerabilities remains limited due to the lack of vendor response.
Cybersecurity experts recommend that organizations using Radware Cloud WAF ensure they are running the latest version of the product and implement additional security layers as part of a defense-in-depth strategy.
Oriol Gegundez originally reported the vulnerabilities, and Kevin Stephens and Ben Koo prepared the security advisory documentation.
Setting Up SOC Team? – Download Free Ultimate SIEM Pricing Guide (PDF) For Your SOC Team -> Free Download
The post Radware Cloud Web App Firewall Vulnerability Let Attackers Bypass Filters appeared first on Cyber Security News.
