CVE-2025-46120
Published: 21 July 2025
Summary
CVE-2025-46120 is a critical-severity Path Traversal (CWE-22) vulnerability in Ruckuswireless Ruckus Unleashed. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 10.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-46120 is a path-traversal vulnerability in the web interface of CommScope Ruckus Unleashed releases prior to 200.15.6.212.27 and 200.18.7.1.323, as well as Ruckus ZoneDirector releases prior to 10.5.1.0.282. The flaw permits the server to execute attacker-supplied EJS templates from outside the intended directories, which is tracked under CWE-22 and carries a CVSS 3.1 score of 9.8.
A remote unauthenticated attacker who can place a malicious template on the system, for example via FTP, can exploit the issue to escalate privileges and execute arbitrary template code on the controller.
Vendor advisories direct administrators to apply the fixed releases listed above; the referenced security bulletin from Ruckus Wireless and the detailed analysis at sector7.computest.nl both identify the affected firmware versions and the corresponding patched builds.
The associated EPSS score has remained flat at 0.0481 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22108
Vulnerability details
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path-traversal vulnerability in web interface allows unauthenticated remote attackers to execute arbitrary uploaded EJS templates outside permitted directories, enabling exploitation for privilege escalation (T1068), public-facing application exploitation (T1190), remote services exploitation (T1210), and template injection (T1221).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the path-traversal vulnerability by applying the vendor patches to Ruckus Unleashed and ZoneDirector, preventing exploitation as recommended in the security bulletin.
- SI-10 (Information Input Validation): Validates and sanitizes file path inputs in the web interface to block path-traversal attempts that would otherwise let the server execute attacker-supplied EJS templates outside permitted directories.
- Logical access controls: Restricts the web interface and server from reading or executing templates outside authorized directories, limiting the privilege escalation the flaw enables.