CVE-2025-10774: OS Command Injection in Ruijie 6000-E10
A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. It affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. Manipulation of the argument key causes OS command injection. The attack can be initiated remotely. An exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10774 is a vulnerability in the Ruijie 6000-E10 network device affecting firmware version 2.4.3.6-20171117 and earlier. It lies in the web interface component at /view/vpn/autovpn/sub_commit.php, where improper handling of the 'key' argument allows OS command injection. An attacker can inject arbitrary operating system commands remotely, without user interaction or authentication, through the network-facing interface of the device. The root cause is insufficient validation or sanitization of parameters passed to system-level commands, which enables execution of arbitrary commands with elevated privileges. Ruijie was notified early but has neither responded nor issued a patch, and exploit code has been publicly disclosed, which increases the risk of exploitation. The CVSS 4.0 base score is 5.1 (medium severity), reflecting a network attack vector, low attack complexity and no user interaction, but high privileges required and limited impact on confidentiality, integrity and availability. A remote OS command injection flaw in a network device is nonetheless significant, because it can lead to full device compromise, lateral movement, or disruption of network services. The lack of a vendor response and the public availability of the exploit heighten the urgency for affected organizations to apply mitigations.
Potential Impact
For European organizations, this vulnerability poses a moderate but tangible risk. Ruijie 6000-E10 devices are used in enterprise and possibly service provider environments to manage VPN and network access. Successful exploitation could allow attackers to execute arbitrary commands on the device, potentially leading to unauthorized access to internal networks, interception or manipulation of VPN traffic, disruption of network connectivity, or use of the device as a foothold for further attacks. Given the device's role in VPN management, the confidentiality and integrity of communications could be compromised. The medium CVSS score reflects that exploitation requires high privileges, which may limit the attack surface to insiders or to attackers who have already gained some access. However, the public availability of exploits increases the risk of opportunistic attacks. European organizations relying on Ruijie networking equipment should be aware of the potential for targeted attacks aimed at critical infrastructure, especially in sectors such as finance, government and telecommunications, where VPN security is paramount. The lack of a vendor patch means organizations must rely on compensating controls to reduce risk.
Mitigation Recommendations
Since no official patch or update is available from Ruijie, European organizations should implement the following specific mitigations:
1) Immediately audit and inventory all Ruijie 6000-E10 devices to identify affected firmware versions.
2) Restrict network access to the device management interfaces, especially the web interface, by implementing strict firewall rules and network segmentation to limit exposure to trusted management networks only.
3) Employ VPN or secure management tunnels with strong authentication to access device management interfaces, reducing the risk of unauthorized remote access.
4) Monitor device logs and network traffic for unusual commands or activity indicative of exploitation attempts, using IDS/IPS tuned for command injection signatures.
5) Consider deploying host-based or network-based application firewalls capable of detecting and blocking command injection payloads targeting the vulnerable endpoint.
6) If possible, replace or upgrade devices to newer models or firmware versions not affected by this vulnerability.
7) Establish incident response procedures specific to network device compromise to quickly isolate and remediate affected systems.
8) Engage with Ruijie support channels persistently to obtain official patches or guidance.
These measures go beyond generic advice by focusing on access restriction, monitoring, and compensating controls tailored to the specific vulnerability and device role.
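As an added example (not from the advisory or from Ruijie), the following Python sketch of the log monitoring in recommendation 4 parses web access-log lines and flags requests to the vulnerable endpoint whose `key` parameter carries shell metacharacters, including double-URL-encoded ones. Only the endpoint path and parameter name come from the advisory; the Apache/nginx combined log format and the sample lines are assumptions, constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter named in the advisory. The log layout is the common
# Apache/nginx "combined" format; every sample line below is constructed.
VULN_PATH = "/view/vpn/autovpn/sub_commit.php"
VULN_PARAM = "key"

# Shell metacharacters that have no legitimate place in a VPN key identifier.
SHELL_META = re.compile(r"[;&|`$<>\n]")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '10.0.0.5 - - [22/Sep/2025:00:46:27 +0000] "GET /view/vpn/autovpn/sub_commit.php?key=branch01 HTTP/1.1" 200 512',
    '203.0.113.9 - - [22/Sep/2025:00:47:01 +0000] "GET /view/vpn/autovpn/sub_commit.php?key=branch01%3Bid HTTP/1.1" 200 77',
    '203.0.113.9 - - [22/Sep/2025:00:47:05 +0000] "POST /view/vpn/autovpn/sub_commit.php?key=x%2526whoami HTTP/1.1" 200 40',
    '10.0.0.7 - - [22/Sep/2025:00:48:00 +0000] "GET /view/status.php?key=a%3Bb HTTP/1.1" 200 100',
]

def parse_line(line):
    # Split one access-log line into fields; None when the line does not match.
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def suspicious_key_values(target):
    """Decoded 'key' values with shell metacharacters for requests to VULN_PATH."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM, [])
    # parse_qs decodes once; decode again so double-encoded payloads
    # (%2526 -> %26 -> &) do not slip past the check.
    return [v for v in (unquote(v) for v in values) if SHELL_META.search(v)]

def scan_log(lines):
    """Return (client ip, timestamp, offending key value) per suspicious request.
    Only the query string is visible here: a POST body is not in an access log,
    so body parameters need a WAF or reverse proxy that records request bodies."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for val in suspicious_key_values(rec["target"]):
            alerts.append((rec["ip"], rec["ts"], val))
    return alerts
```

Running `scan_log(SAMPLE_LOG)` flags the two requests from 203.0.113.9 and ignores both the benign key value and the same payload sent to an unrelated path.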
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-21T08:28:44.757Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d09c63b68a0c387d430362
Added to database: 9/22/2025, 12:46:27 AM
Last enriched: 9/30/2025, 1:43:22 AM
Last updated: 11/5/2025, 9:35:34 PM