CVE-2025-46120 is a critical security vulnerability affecting CommScope Ruckus Unleashed wireless controllers (versions prior to 200.15.6.212.27 and 200.18.7.1.323) and Ruckus ZoneDirector controllers (versions prior to 10.5.1.0.282). The flaw is a path traversal vulnerability in the web interface that allows an attacker to execute arbitrary Embedded JavaScript (EJS) templates outside of the intended directories. Specifically, an unauthenticated remote attacker who can upload a template file—potentially via FTP or other upload mechanisms—can exploit this vulnerability to escalate privileges and execute arbitrary template code on the controller. This leads to full compromise of the device, affecting confidentiality, integrity, and availability. The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has a CVSS v3.1 base score of 9.8, indicating critical severity. The attack vector is network-based with no authentication or user interaction required, making exploitation straightforward if the attacker can upload files. Although no known exploits are currently reported in the wild, the high severity and ease of exploitation make this a significant threat to organizations using these Ruckus wireless controllers. The vulnerability allows attackers to bypass intended directory restrictions and execute arbitrary code, potentially leading to full device takeover, interception or manipulation of wireless traffic, and pivoting into internal networks.

For European organizations, this vulnerability poses a severe risk, especially for enterprises, educational institutions, and public sector entities relying on Ruckus Unleashed or ZoneDirector wireless infrastructure. Successful exploitation could lead to unauthorized access to sensitive internal networks, interception of confidential communications, disruption of wireless services, and potential lateral movement to other critical systems. Given the critical nature of the flaw and the lack of authentication requirements, attackers could remotely compromise wireless controllers, undermining network security and data privacy obligations under regulations such as GDPR. The impact extends to operational disruption, reputational damage, and potential regulatory penalties. Organizations with large deployments of these controllers are particularly at risk, as attackers could target multiple devices to establish persistent footholds or conduct widespread espionage or sabotage campaigns.

Organizations should immediately verify the versions of CommScope Ruckus Unleashed and ZoneDirector controllers in their environment and upgrade to the fixed versions 200.15.6.212.27, 200.18.7.1.323, or 10.5.1.0.282 or later as soon as patches become available. Until patches are applied, restrict access to the management interfaces of these controllers by implementing network segmentation and firewall rules to limit exposure to trusted administrative networks only. Disable or tightly control any file upload mechanisms such as FTP or web uploads to prevent unauthorized template uploads. Monitor logs for suspicious file upload activity or unexpected template executions. Employ intrusion detection systems capable of detecting path traversal attempts or anomalous template executions. Additionally, conduct thorough audits of wireless controller configurations and access controls to ensure no unauthorized changes have been made. Consider implementing multi-factor authentication for management access to reduce risk of exploitation through other vectors. Finally, maintain up-to-date backups of controller configurations to enable rapid recovery if compromise is detected.