This tweet indicates that an XSS bypass technique against WAFs is still valid in 2025. However, without direct access to the payload or details, the exact nature of the bypass and the WAF vendor affected are not specified. In general, XSS (Cross-Site Scripting) bypasses exploit weaknesses in Web Application Firewalls (WAFs) that fail to detect or block malicious scripts embedded in web inputs. Such bypasses can allow attackers to inject and execute unauthorized scripts in a victim's browser, often leading to session hijacking, data theft, or other malicious activities. WAF bypasses that remain effective over multiple years indicate either a lack of updates or inherent limitations in the WAF's detection mechanisms. If the technique is indeed still effective in 2025, users of vulnerable WAFs should ensure their products are updated to the latest versions or apply additional security measures to mitigate XSS attacks.
For more insights, check out the original tweet here: https://twitter.com/KN0X55/status/1938590141104160932. And don’t forget to follow @KN0X55 for more exciting updates in the world of cybersecurity.