Cyber Posture

CVE-2025-46120

CriticalPublic PoC

Published: 21 July 2025

Published
21 July 2025
Modified
05 August 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0247 85.4th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-46120 is a critical-severity Path Traversal (CWE-22) vulnerability in Ruckuswireless Ruckus Unleashed. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 14.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the path-traversal vulnerability by applying vendor patches to Ruckus Unleashed and ZoneDirector, preventing exploitation as recommended in the security bulletin.

SI-10 Information Input Validation good match
prevent

Validates and sanitizes file path inputs in the web interface to block path-traversal attempts that enable execution of attacker-supplied EJS templates outside permitted directories.

AC-3 Access Enforcement partial match
prevent

Enforces logical access controls to restrict the web interface and server from accessing or executing templates outside authorized directories, limiting privilege escalation.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
T1221 Template Injection Stealth
Adversaries may create or modify references in user document templates to conceal malicious code or force authentication attempts.
attack.mitre.org →
Why these techniques?

Path-traversal vulnerability in web interface allows unauthenticated remote attackers to execute arbitrary uploaded EJS templates outside permitted directories, enabling exploitation for privilege escalation (T1068), public-facing application exploitation (T1190), remote services exploitation (T1210), and template injection (T1221).

NVD Description

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a…

more

remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.

Deeper analysisAI

CVE-2025-46120 is a path-traversal vulnerability (CWE-22) in the web interface of CommScope Ruckus Unleashed prior to versions 200.15.6.212.27 and 200.18.7.1.323, and Ruckus ZoneDirector prior to 10.5.1.0.282. The flaw allows the server to execute attacker-supplied EJS templates outside of permitted directories, published on 2025-07-21 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A remote unauthenticated attacker who can upload a malicious EJS template, such as via FTP, can exploit the path-traversal issue to escalate privileges and execute arbitrary template code on the controller, potentially leading to full compromise with high impacts on confidentiality, integrity, and availability.

The Ruckus Wireless security bulletin at https://support.ruckuswireless.com/security_bulletins/330 and the sector7 research post at https://sector7.computest.nl/post/2025-07-ruckus-unleashed/ detail mitigation by upgrading to Ruckus Unleashed 200.15.6.212.27, 200.18.7.1.323, or later, and ZoneDirector 10.5.1.0.282 or later.

Details

CWE(s)
CWE-22

Affected Products

ruckuswireless
ruckus unleashed
≤ 200.15.6.212.14 · 200.17 — 200.17.7.0.139
ruckuswireless
ruckus zonedirector
≤ 10.5.1.0.279

CVEs Like This One

CVE-2025-46121Same product: Commscope Ruckus C110
CVE-2025-46122Same product: Commscope Ruckus C110
CVE-2025-46117Same product: Commscope Ruckus C110
CVE-2025-44960Same product: Commscope Ruckus C110
CVE-2025-44957Same product: Commscope Ruckus C110
CVE-2025-44961Same product: Commscope Ruckus C110
CVE-2026-32727Shared CWE-22
CVE-2026-1311Shared CWE-22
CVE-2025-62630Shared CWE-22
CVE-2025-60786Shared CWE-22

References