CVE-2025-56113

HighRCE

Published: 11 December 2025

Published

11 December 2025

Modified

11 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0018 38.9th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-56113 is a high-severity OS Command Injection (CWE-78) vulnerability in Ruijie Reyee Os. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 38.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents OS command injection by validating crafted POST requests to the pwdmodify function in common.lua.

SI-2 Flaw Remediation good match

prevent

Remediates the specific flaw in /usr/lib/lua/luci/modules/common.lua through timely patching as per vendor advisories.

SI-9 Information Input Restrictions partial match

prevent

Restricts information inputs to pwdmodify, limiting the ability to inject arbitrary OS commands via POST requests.

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

OS command injection via web POST enables Unix Shell execution (T1059.004), exploitation of remote web service (T1210), and privilege escalation from low privileges to full system control (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

Deeper analysisAI

CVE-2025-56113 is an OS Command Injection vulnerability (CWE-78) affecting Ruijie RG-YST EST software, specifically the YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx version. The flaw resides in the pwdmodify function within the file /usr/lib/lua/luci/modules/common.lua, where attackers can inject and execute arbitrary operating system commands through a specially crafted POST request. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

Exploitation requires low privileges (PR:L), making it accessible to authenticated users such as low-level administrators or service accounts. Attackers can remotely trigger the vulnerability over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N), leading to arbitrary command execution on the underlying operating system. Successful exploitation grants high-level control over the affected device, potentially enabling full system compromise, data exfiltration, persistence, or lateral movement within the network.

Mitigation guidance and patch details are outlined in security advisories and reports available via the CVE references, including a dedicated GitHub vulnerability report at https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56113.md and supporting documents on OneDrive. Practitioners should consult these sources for vendor-recommended updates, configuration hardening, or workarounds to address the issue.

Details

CWE(s): CWE-78

Affected Products

ruijie

rg-yst250f firmware

3.0\(1\)b11p280yst250f

ruijie

rg-est310 v2 firmware

b11p221

ruijie

reyee os

219, 221

ruijie

rg-eap602 firmware

3.0\(1\)b2p55

CVEs Like This One

CVE-2025-56084Same product: Ruijie Reyee Os

CVE-2025-56083Same product: Ruijie Reyee Os

CVE-2025-56099Same product: Ruijie Reyee Os

CVE-2025-56108Same product: Ruijie Rg-Eap602

CVE-2025-56093Same product: Ruijie Rg-Eap602

CVE-2025-56098Same product: Ruijie Rg-Ew300 Pro

CVE-2025-56094Same product: Ruijie Rg-Ew300 Pro

CVE-2025-56089Same vendor: Ruijie

CVE-2025-56090Same vendor: Ruijie

CVE-2025-56095Same product: Ruijie Rg-Eap602

References

https://1drv.ms/f/c/12406a392c92914b/EsGqqVSQqCVBjjz2FhAHAiAB4MCHo41vIuw2wPgLykbupA?e=YgF1gt
Broken Link · cve@mitre.org
https://1drv.ms/t/c/12406a392c92914b/EY_XOykAOvJJkGsDkmahTboBmmvNWczbXF3brroYsTWmTA?e=2Itzta
Broken Link · cve@mitre.org
https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56113.md
Third Party Advisory · cve@mitre.org