CVE-2025-46120

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
Configurations

No configuration.

History

23 Jul 2025, 18:15

Type    | Values Removed          | Values Added
Summary |                         | (es, translated) An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus ZoneDirector, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
CVSS    | v2 : unknown, v3 : 6.5  | v2 : unknown, v3 : 9.8

22 Jul 2025, 17:15

Type       | Values Removed | Values Added
References |                | http://commscope.com (source: cve@mitre.org)

22 Jul 2025, 16:15

Type | Values Removed              | Values Added
CWE  |                             | CWE-22
CVSS | v2 : unknown, v3 : unknown  | v2 : unknown, v3 : 6.5

22 Jul 2025, 14:15

Type    | Values Removed | Values Added
Summary | (en) An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus ZoneDirector, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller. | (en) An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.

21 Jul 2025, 15:15

Type    | Values Removed | Values Added
New CVE |                |

Information

Published : 2025-07-21 15:15

Updated : 2025-07-23 18:15


NVD link : CVE-2025-46120

Mitre link : CVE-2025-46120

CVE.ORG link : CVE-2025-46120


Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')