Cyber Posture

CVE-2025-9424

MediumPublic PoC

Published: 25 August 2025

Published
25 August 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0066 71.3th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-9424 is a medium-severity Command Injection (CWE-77) vulnerability in Ruijie Ws7204-A Firmware. Its CVSS base score is 4.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications
addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

SI-10 Information Input Validation
addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

OS command injection in public-facing web interface directly enables remote exploitation of the application (T1190) and arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit is…

more

publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-9424 is an OS command injection vulnerability (CWE-77, CWE-78) in Ruijie WS7204-A version 2017.06.15. The flaw affects an unknown functionality within the file /itbox_pi/branch_import.php?a=branch_list, where manipulation of the province argument enables command injection.

The vulnerability allows remote exploitation over the network with low attack complexity but requires high privileges (PR:H) from the attacker. Successful exploitation can result in limited impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), yielding a CVSS 3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).

VulDB advisories and a GitHub issue detail the vulnerability, noting that an exploit is publicly available and might be used. The vendor was contacted early about the disclosure but did not respond, with no patches or official mitigations mentioned.

Details

CWE(s)
CWE-77CWE-78

Affected Products

ruijie
ws7204-a firmware
2017.06.15

CVEs Like This One

CVE-2025-56114Same vendor: Ruijie
CVE-2025-56093Same vendor: Ruijie
CVE-2025-56079Same vendor: Ruijie
CVE-2025-56092Same vendor: Ruijie
CVE-2025-56099Same vendor: Ruijie
CVE-2025-56117Same vendor: Ruijie
CVE-2025-56110Same vendor: Ruijie
CVE-2025-56086Same vendor: Ruijie
CVE-2025-56095Same vendor: Ruijie
CVE-2025-56096Same vendor: Ruijie

References