2025-12-18

Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs play as foundational infrastructure and evaluates their effectiveness against critical vulnerabilities, CVEs, and AI-driven threats.

The report also explores how the WAF’s edge placement, combined with runtime intelligence, can support a more reliable and AI-ready mitigation layer for modern defense strategies.

“This study clarifies that WAFs are currently an underutilized asset because the manual, generic signature model erodes trust. Security teams cannot afford the risk of false positives or waiting 41 days for vendors to test CVE-specific rule changes. We see massive untapped potential here: runtime augmentation provides the necessary intelligence and automation to finally transform the WAF into a reliable, high-confidence defense layer for all critical CVEs, not just reactive, one-off fixes,” said Andy Ellis, CISO at Duha.

The study comes on the heels of the discovery of “React2Shell” (CVE-2025-55182), a critical vulnerability in React and Next.js. This unfolding crisis serves as a stark, real-world validation of the study’s conclusion: the exposure window between exploit discovery and effective WAF protection is where the damage can happen.

“WAFs are necessary, but they cannot win the AI-enabled zero-day race alone,” asserts Daniel Shechter, CEO of Miggo Security. “The ‘React2Shell’ vulnerabilities are the textbook example of why the old model fails. We have a CVSS 10.0 threat where the exploit lives in the complex deserialization logic of the ‘Flight’ protocol – a place standard WAF signatures rarely look. The only way to close this 41-day gap is shifting from slow, generic signatures to fast, exploit-aware rules generated by runtime intelligence.”

Miggo’s study analyzed a representative set of more than 360 CVEs to evaluate WAF effectiveness across leading vendors. The curated dataset mirrors real-world attacker priorities, including the availability of exploit tooling, the prevalence of affected components, and the potential impact of exploitation, while also examining how AI augmentation can strengthen protection.

Key findings: