On May 7, 2025, CERT/CC disclosed two high-risk vulnerabilities in Radware’s Cloud Web Application Firewall (WAF). Designated CVE-2024-56523 and CVE-2024-56524, these flaws allow attackers to bypass the WAF’s security filters, so that malicious requests reach the protected web applications behind it.

How Attackers Exploit the Flaws

The vulnerabilities stem from improper handling of specific HTTP requests:

  • CVE-2024-56523: Attackers can place arbitrary data in the body of HTTP GET requests (which normally carry no body), confusing the WAF’s filtering logic and letting malicious payloads slip through.
  • CVE-2024-56524: Requests containing specially crafted characters evade the WAF’s validation checks, bypassing its blocking mechanisms entirely.

These exploits undermine the core purpose of a WAF—blocking unauthorized traffic—by allowing threats like SQL injection or cross-site scripting (XSS) to reach backend systems.

Current Status of Patches and Radware’s Response

CERT/CC suggests the vulnerabilities may already be patched but notes Radware has not publicly acknowledged or detailed fixes as of the advisory’s release. This lack of communication raises concerns for organizations relying on Radware’s cloud WAF for protection.

Why These Vulnerabilities Demand Immediate Action

A compromised WAF leaves web applications exposed to:

  • Data breaches from unblocked malicious queries.
  • Service disruptions due to undetected DDoS attacks.
  • Compliance violations if customer data is compromised.

While CERT/CC has not observed active exploitation, WAF bypass techniques are highly prized by cybercriminals, making preemptive mitigation critical.

Recommended Mitigation Steps

  1. Verify WAF Configuration: Ensure the “block” mode is active for all protected applications.
  2. Monitor for Unusual Traffic: Look for GET requests with unexpected body content or abnormal characters.
  3. Contact Radware Support: Request confirmation on whether your Cloud WAF version has been patched.
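The monitoring step above (GET requests with unexpected body content or abnormal characters) can be expressed as a request-level check. The Python below is an added example, not code from Radware, CERT/CC or the article; it parses raw HTTP/1.1 requests and reports the two anomaly shapes the advisory describes. Because the specific characters that trigger CVE-2024-56524 are not published, the "abnormal character" heuristic is an assumption (control characters, non-ASCII bytes and percent-encoded control characters in the request target), and the sample requests are constructed, not real captures.

```python
"""Flag HTTP requests matching the anomaly shapes described in the CERT/CC advisory.

Added example, not Radware's or CERT/CC's code. Assumptions are marked inline.
"""
import re
from typing import Dict, List, Tuple

# Assumption: percent-encoded control characters (%00-%1F, %7F) count as abnormal.
PCT_CONTROL = re.compile(r"%(?:[01][0-9a-fA-F]|7[fF])")


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("latin-1").split(" ")
    method = parts[0].upper() if parts else ""
    target = parts[1] if len(parts) > 1 else ""
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def declared_length(headers: Dict[str, str]) -> int:
    """Content-Length as an int, or 0 when absent or malformed."""
    try:
        return int(headers.get("content-length", "0"))
    except ValueError:
        return 0


def abnormal_chars(target: str) -> bool:
    """Assumed heuristic: raw control chars, non-ASCII, or encoded control chars."""
    if any(ord(c) < 0x20 or ord(c) >= 0x7F for c in target):
        return True
    return bool(PCT_CONTROL.search(target))


def find_anomalies(raw: bytes) -> List[str]:
    """Return the anomaly tags that apply to one raw request."""
    method, target, headers, body = parse_request(raw)
    findings: List[str] = []
    # CVE-2024-56523 shape: a body (or a declared one) on a GET/HEAD request.
    if method in ("GET", "HEAD") and (body or declared_length(headers) > 0):
        findings.append("body-on-get")
    # CVE-2024-56524 shape (assumed characters): unusual bytes in the target.
    if abnormal_chars(target):
        findings.append("abnormal-chars")
    return findings


# Constructed sample requests; none is a real capture.
SAMPLES: Dict[str, bytes] = {
    "plain_get": b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "get_with_body": (
        b"GET /search HTTP/1.1\r\nHost: app.example\r\n"
        b"Content-Length: 11\r\n\r\nq=' OR 1=1"
    ),
    "encoded_control": b"GET /login%00.php HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "normal_post": (
        b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
        b"Content-Length: 9\r\n\r\nuser=anna"
    ),
}


def scan_samples(samples: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Run the check over every sample and keep only the flagged ones."""
    return {name: f for name, raw in samples.items() if (f := find_anomalies(raw))}


if __name__ == "__main__":
    for name, tags in scan_samples(SAMPLES).items():
        print(f"{name}: {', '.join(tags)}")
```

In production the same two checks belong on the origin side of the WAF (an access log field for request body size and a reverse-proxy rule that rejects GET bodies outright), because a request that carries a body past the WAF is exactly the case the advisory warns about.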

WAFs are a frontline defense—ensure yours isn’t a backdoor. Prioritize investigating CVE-2024-56523 and CVE-2024-56524 to maintain robust web application security.


Author

Editorial Team
The Editorial Team at Security Land is comprised of experienced professionals dedicated to delivering insightful analysis, breaking news, and expert perspectives on the ever-evolving threat landscape.
