CVE-2025-46122
Published: 21 July 2025
Summary
CVE-2025-46122 is a critical-severity Command Injection (CWE-77) vulnerability in Ruckuswireless Ruckus Unleashed. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 19.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-46122 affects CommScope Ruckus Unleashed wireless controller software prior to versions 200.15.6.212.14 and 200.17.7.0.139. The flaw is a command-injection issue (CWE-77) in the authenticated diagnostics endpoint /admin/_cmdstat.jsp, which accepts a target device identified by MAC address and passes the unsanitized, attacker-supplied input directly to the system shell.
An attacker who already possesses administrative credentials on the management interface can exploit the endpoint over the network to run arbitrary operating-system commands with root privileges. The CVSS 9.1 score reflects the combination of network attack vector, low complexity, and full impact on confidentiality, integrity, and availability within a changed security scope.
Vendor guidance and the associated security bulletin direct administrators to upgrade to the fixed releases listed above; the bulletin also contains additional hardening recommendations for environments that cannot immediately apply the patches. The EPSS score has remained flat at 0.0139 with no observed increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22106
Vulnerability details
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root.
- CWE(s): CWE-77 (Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Unix Shell (T1059.004)
Why these techniques?
Authenticated command injection in the diagnostics API (/admin/_cmdstat.jsp) passes uncontrolled input to the shell, enabling arbitrary Unix shell command execution as root over the network, with the target device selected by MAC address.
Affected Assets
- CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly addresses the command injection by requiring that attacker-controlled input to the `/admin/_cmdstat.jsp` diagnostics endpoint (including the MAC address parameter) be validated before it reaches the shell.
- SI-2 (Flaw Remediation): mandates timely identification, reporting, and remediation of flaws such as this one by patching to the fixed Ruckus Unleashed versions (200.15.6.212.14 and 200.17.7.0.139).
- Least privilege: limits the attack surface by restricting the high-privilege (PR:H) administrative access required to reach the vulnerable diagnostics endpoint.