CVE-2025-56098
Published: 11 December 2025
Summary
CVE-2025-56098 is a high-severity OS Command Injection (CWE-78) vulnerability in Ruijie X30 Pro Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents OS command injection by validating crafted POST request inputs to the module_get function in networkConnect.lua.
Remediates the specific command injection flaw in Ruijie X30-PRO V1_09241521 through timely patching and update testing.
Separates user network connection functionality from OS command execution to mitigate injection of arbitrary commands.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection via crafted POST request to web interface enables exploitation of public-facing application (T1190), arbitrary Unix shell execution (T1059.004), and privilege escalation from low privileges to arbitrary command execution (T1068).
NVD Description
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
Deeper analysisAI
CVE-2025-56098 is an OS Command Injection vulnerability (CWE-78) in the Ruijie X30-PRO device, specifically version X30-PRO-V1_09241521. The issue affects the module_get function in the file /usr/local/lua/dev_sta/networkConnect.lua, enabling attackers to execute arbitrary commands through a crafted POST request. Published on 2025-12-11, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability can be exploited over the network by attackers with low privileges, such as authenticated users, requiring low attack complexity and no user interaction. Successful exploitation allows execution of arbitrary operating system commands, resulting in high impacts to confidentiality, integrity, and availability on the affected device.
Advisories and detailed reports on mitigation are available in the following references: https://1drv.ms/f/c/12406a392c92914b/EtGIxwWujwxBvQhL9wgnUIwBkg-mndJJX07Igr6d0cic-g?e=4KJbWY, https://1drv.ms/t/c/12406a392c92914b/EYC9-EvSxKZOum9kuAtPDq4BjKb0c8IV6B52lDEAD33pEA?e=2C0BKO, and https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56098.md.
Details
- CWE(s)