CVE-2025-56083: n/a
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_networkId_merge.lua.
AI Analysis
Technical Summary
CVE-2025-56083 is an OS Command Injection vulnerability identified in the Ruijie X30-PRO network device firmware version X30-PRO-V1_09241521. The flaw exists in the Lua script located at /usr/local/lua/dev_sta/nbr_networkId_merge.lua, specifically in the module_set functionality, which processes POST requests. An attacker with low privileges (PR:L) can craft a malicious POST request that injects arbitrary operating system commands, which the device executes with the privileges of the affected process. The vulnerability requires no user interaction (UI:N) and can be exploited remotely over the network (AV:N). The impact is severe, affecting confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing full device compromise, data exfiltration, or disruption of network services. The CVSS v3.1 base score is 8.8, categorizing it as high severity. No patches or public exploits are currently available, but the vulnerability is publicly disclosed and should be treated as a critical risk. The CWE-78 classification confirms it as a classic OS command injection issue, often stemming from improper input validation and sanitization in the Lua script handling network requests.
Potential Impact
For European organizations, this vulnerability poses a significant threat to network infrastructure security, especially for those deploying Ruijie X30-PRO devices in critical environments such as telecommunications, enterprise networks, and government agencies. Exploitation could lead to unauthorized command execution, enabling attackers to manipulate device configurations, intercept or redirect network traffic, disrupt services, or establish persistent footholds within the network. This could result in data breaches, service outages, and compromise of sensitive communications. The high severity and remote exploitability increase the likelihood of targeted attacks or automated scanning campaigns. Given the strategic importance of network devices, exploitation could also impact national critical infrastructure and telecommunications providers, potentially affecting broader sectors reliant on these networks.
Mitigation Recommendations
Since no official patches are currently available, European organizations should implement immediate compensating controls. These include:
1) Restricting network access to the management interfaces of Ruijie X30-PRO devices using firewalls and access control lists, so that only trusted administrators can reach them.
2) Implementing strict authentication and authorization policies to ensure only authorized personnel can send POST requests to the vulnerable module.
3) Monitoring network traffic for anomalous POST requests targeting /usr/local/lua/dev_sta/nbr_networkId_merge.lua, and monitoring the devices for unusual command execution patterns.
4) Employing network segmentation to isolate vulnerable devices from critical network segments.
5) Conducting regular audits and vulnerability scans to detect signs of exploitation attempts.
6) Preparing for rapid deployment of patches once released by Ruijie by maintaining close vendor communication.
7) Considering temporary device replacement or, where feasible, rollback to a firmware version not affected by this vulnerability.
These targeted steps go beyond generic advice by focusing on the specific attack vector and device context.
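The monitoring step above can be turned into a concrete check. The following is an added example written for this analysis, not code from the advisory, from Ruijie or from the affected firmware: it scans proxy or gateway log lines for POST requests that reach the vulnerable module and flags parameter values that carry shell metacharacters or fall outside an allowlist of what a network ID should look like. The log format, the URL route containing nbr_networkId_merge, the parameter names and the allowlist pattern are all assumptions; the advisory names only the script file, not the HTTP route or its parameters.

```python
"""Detection helper for CVE-2025-56083-style command injection attempts.

Added example (not code from the advisory or from Ruijie). Scans constructed
log lines for POST requests to the vulnerable Lua module whose form values
look like shell metacharacter injection rather than a plain network ID.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import parse_qsl

# Assumption: the handler is reached via a URL that contains the script name;
# the advisory gives only the file path, not the HTTP route.
VULN_MODULE_MARKER = "nbr_networkId_merge"

# Allowlist for a benign value (assumption, not the vendor's validation rule):
# a network ID should never need shell syntax, so anything outside this set
# is reported even if no metacharacter is present.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_.:-]{0,64}$")

# Shell metacharacters that chain, substitute or redirect commands.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r]")

# Constructed log format: tab-separated "<ts> <client> <method> <path> <body>".
LOG_LINE = re.compile(r"^(\S+)\t(\S+)\t(\S+)\t(\S+)\t(.*)$")


@dataclass
class Alert:
    ts: str
    client: str
    param: str
    value: str
    reason: str


def suspicious_params(body: str) -> List[Tuple[str, str, str]]:
    """Return (name, decoded value, reason) for each form field failing checks.

    parse_qsl percent-decodes values, so an encoded ';' is still caught.
    """
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if SHELL_META.search(value):
            findings.append((name, value, "shell metacharacter"))
        elif not SAFE_VALUE.match(value):
            findings.append((name, value, "outside allowlist"))
    return findings


def scan_log(lines) -> List[Alert]:
    """Alert on POSTs to the vulnerable module with suspicious parameter values."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed or unrelated line; skip rather than crash
        ts, client, method, path, body = m.groups()
        if method != "POST" or VULN_MODULE_MARKER not in path:
            continue
        for name, value, reason in suspicious_params(body):
            alerts.append(Alert(ts, client, name, value, reason))
    return alerts


# Constructed sample log lines; the route "/api/nbr_networkId_merge" is hypothetical.
SAMPLE_LOG = [
    "2025-12-11T18:00:01Z\t10.0.0.5\tPOST\t/api/nbr_networkId_merge\tmodule_set=1&networkId=office-01",
    "2025-12-11T18:00:07Z\t10.0.0.5\tGET\t/api/status\t",
    "2025-12-11T18:01:13Z\t203.0.113.9\tPOST\t/api/nbr_networkId_merge\tmodule_set=1&networkId=office%3Bextra",
    "2025-12-11T18:01:20Z\t203.0.113.9\tPOST\t/api/nbr_networkId_merge\tmodule_set=1&networkId=a%20b",
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a.ts} {a.client} param={a.param!r} value={a.value!r}: {a.reason}")
```

The allowlist check matters more than the metacharacter list: a blocklist misses encodings and characters the author did not think of, whereas a value that is not a plain identifier is suspicious regardless of which byte tripped it. On the device side the same allowlist, applied before any value reaches a shell, is the fix pattern for the CWE-78 weakness the advisory describes.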
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-08-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 693b0c4e7d4c6f31f7befd17
Added to database: 12/11/2025, 6:24:14 PM
Last enriched: 12/19/2025, 5:27:05 AM
Last updated: 2/4/2026, 12:52:19 PM