CVE-2025-56094: n/a
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua.
AI Analysis
Technical Summary
CVE-2025-56094 is an OS command injection (CWE-78) vulnerability in the Ruijie X30-PRO, reported against firmware version X30-PRO-V1_09241521. The flaw is in the Lua script /usr/local/lua/dev_sta/host_access_delay.lua: the module_get handler takes data from a POST request and passes it into an operating system command without adequate validation, so anyone who can reach the web interface and send a crafted POST can inject and execute arbitrary commands on the device. This analysis assumes a CVSS v3.1 vector of AV:N/AC:L/PR:L/UI:N/C:H/I:H/A:H (network-reachable, low complexity, low privileges, no user interaction, high impact on confidentiality, integrity and availability), which gives a base score of 8.8. Two caveats apply: the CVE record itself carries no CVSS version (see Technical Details below), so the score is an analyst estimate, and the description does not say whether the handler requires authentication; if it is reachable without logging in, the same impact rates 9.8. Injected commands run with whatever privileges the web handler has, which on embedded network devices is often root, so a successful exploit can read configuration and credentials, alter the device, or take it offline, and gives the attacker a foothold for lateral movement or persistent access. The record was reserved on 2025-08-16 and is in PUBLISHED state; no public exploit is known at the time of this analysis.
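To make the bug class concrete, the following is an added example written for this page, not the vendor's code: the contents of host_access_delay.lua are not reproduced here and the device handler is Lua, so this Python models the same CWE-78 pattern (a POST value concatenated into a shell command line) next to its hardened form. The POST field name "host" and the ping command are assumptions; the advisory only says a crafted POST request reaches module_get.

```python
"""Model of the CWE-78 pattern behind CVE-2025-56094 and its hardened form.

Added illustration, not the vendor's host_access_delay.lua (which is Lua and
not reproduced on this page). The POST field name 'host' and the ping command
are assumptions used to make the pattern concrete.
"""
import ipaddress
import re
import shlex
import subprocess
from typing import List

# Conservative DNS-name allowlist: labels of letters, digits and hyphens only.
HOSTNAME_RE = re.compile(
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)


def build_vulnerable_command(post_field: str) -> str:
    """Vulnerable pattern: the request value is pasted into a shell command line.

    Equivalent in spirit to os.execute("ping -c 1 " .. value) in a Lua handler.
    """
    return "ping -c 1 " + post_field


def shell_words(command: str) -> List[str]:
    """Tokenize like a POSIX shell so the injected command becomes visible:
    'ping -c 1 192.0.2.5; id' -> [..., '192.0.2.5', ';', 'id']."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def validate_host(post_field: str) -> str:
    """Allowlist validation: accept an IP literal or a plain DNS name, nothing else."""
    try:
        return str(ipaddress.ip_address(post_field))
    except ValueError:
        pass
    if len(post_field) <= 253 and HOSTNAME_RE.fullmatch(post_field):
        return post_field
    raise ValueError("rejected host value: %r" % post_field)


def is_safe_host(post_field: str) -> bool:
    """True if validate_host() would accept the value."""
    try:
        validate_host(post_field)
        return True
    except ValueError:
        return False


def build_hardened_argv(post_field: str) -> List[str]:
    """Hardened form: validate first, then build an argv list. With no shell in
    the path, metacharacters stay data even if validation is later loosened."""
    return ["ping", "-c", "1", validate_host(post_field)]


def run_hardened(post_field: str) -> int:
    """Execute without a shell (a list argv never goes through /bin/sh)."""
    return subprocess.run(build_hardened_argv(post_field), check=False).returncode


if __name__ == "__main__":
    payload = "192.0.2.5; id"
    print(shell_words(build_vulnerable_command(payload)))
    print(is_safe_host(payload), is_safe_host("192.0.2.5"))
```

The two halves of the fix are independent and both matter: the allowlist rejects metacharacters before they reach any command, and the argv form means that even a value that slips past validation is passed to ping as a single argument rather than parsed by a shell.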
Potential Impact
For European organizations the impact of CVE-2025-56094 can be severe. Where Ruijie X30-PRO devices are deployed in enterprise or service-provider networks, exploitation means attacker control over network infrastructure: interception or manipulation of traffic passing through the device, disruption of network service, and a pivot point into internal systems. Sectors such as finance, healthcare, telecommunications and government could face operational outages or data breaches, with the corresponding business-continuity and GDPR exposure. The record lists no fixed firmware version, which lengthens the window of exposure and makes compensating controls essential. Because the attack is remote and needs no user interaction, the risk is highest where the device's management interface is reachable from user or Internet-facing networks, where segmentation is weak, or where device firmware is not tracked and updated.
Mitigation Recommendations
1. Isolate Ruijie X30-PRO devices from untrusted networks and restrict access to their management interfaces; a command injection in a web handler is only exploitable by whoever can reach that handler.
2. Segment the network so that only trusted administrator hosts can reach the devices' management plane.
3. Monitor for POST requests that reach host_access_delay.lua or module_get, and for shell metacharacters (semicolons, pipes, ampersands, backticks, dollar-parenthesis) in their form fields. Ordinary access logs record only the request line, not the POST body, so this inspection has to happen at a reverse proxy, WAF or packet-capture point in front of the device.
4. Deploy WAF or IPS rules that block command injection attempts against that handler; expect false positives until the format of legitimate values is known.
5. Track Ruijie's advisories and support channels for a firmware release that addresses the issue; the record currently lists no fixed version.
6. Audit device configurations and logs for signs of compromise, such as unexpected administrator accounts, changed configuration, or outbound connections originating from the device itself.
7. Brief network administrators on the risk and on the indicators above.
8. If feasible, temporarily disable or restrict the vulnerable module until a patch is applied.
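The following detection rule is an added example for recommendations 3 and 4 above, written for this page rather than taken from any vendor or product. It flags POST traffic that reaches the CVE-2025-56094 handler with shell metacharacters in a decoded form field, and any access to that handler from outside the management network. The sample traffic is constructed, and the URL path and the "host" field are assumptions: the advisory gives only the Lua file name and the module_get name, so the rule keys on those two strings.

```python
"""Detection rule for CVE-2025-56094 (mitigation items 3 and 4).

Added example for this page. Sample traffic is constructed, not captured from
a device. The URL path and the 'host' field are assumptions; only the Lua file
name and module_get come from the advisory text.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional
from urllib.parse import unquote_plus

# Assumed trusted management network (mitigation items 1-2); site-specific.
TRUSTED_MGMT = [ip_network("10.10.0.0/24")]

# Strings taken from the advisory text.
CVE_INDICATORS = ("host_access_delay", "module_get")

# POSIX shell metacharacters that never belong in a host/IP field.
SHELL_META = re.compile(r"[;|&`$\n<>]")


@dataclass
class Request:
    src_ip: str
    method: str
    path: str
    body: str  # application/x-www-form-urlencoded, as a proxy or WAF sees it


@dataclass
class Alert:
    src_ip: str
    severity: str
    reason: str


def form_fields(body: str) -> Dict[str, List[str]]:
    """Split on '&' only and percent-decode each side. Splitting on ';' as well
    (which some parsers historically did) would hide 'host=1.2.3.4;id'."""
    fields: Dict[str, List[str]] = {}
    for pair in body.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            fields.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return fields


def is_trusted(src_ip: str) -> bool:
    return any(ip_address(src_ip) in net for net in TRUSTED_MGMT)


def inspect_request(req: Request) -> Optional[Alert]:
    """Apply the rule to one request; None means no finding."""
    fields = form_fields(req.body) if req.method == "POST" else {}
    haystack = [req.path, *fields.keys(), *(v for vals in fields.values() for v in vals)]
    if not any(ind in text for ind in CVE_INDICATORS for text in haystack):
        return None  # not the vulnerable handler

    # Inspect decoded values one by one so the '&' separator itself never fires.
    tainted = [k for k, vals in fields.items() if any(SHELL_META.search(v) for v in vals)]
    if tainted:
        severity = "medium" if is_trusted(req.src_ip) else "high"
        return Alert(req.src_ip, severity, "shell metacharacters in POST field(s) %s" % tainted)
    if not is_trusted(req.src_ip):
        return Alert(req.src_ip, "medium", "vulnerable handler reached from outside the management network")
    return None


def scan(requests: List[Request]) -> List[Alert]:
    return [a for a in map(inspect_request, requests) if a is not None]


# Constructed sample traffic. The path is an assumed route to the Lua file.
SAMPLE = [
    Request("10.10.0.5", "POST", "/dev_sta/host_access_delay.lua", "module=module_get&host=192.0.2.5"),
    Request("203.0.113.7", "POST", "/dev_sta/host_access_delay.lua", "module=module_get&host=192.0.2.5;id"),
    Request("203.0.113.7", "POST", "/dev_sta/host_access_delay.lua", "module=module_get&host=192.0.2.5%3Bid"),
    Request("203.0.113.9", "GET", "/dev_sta/host_access_delay.lua", ""),
    Request("203.0.113.9", "GET", "/index.html", ""),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Run against the constructed sample, the benign administrator request produces nothing, the two injection attempts (raw and percent-encoded) produce high-severity alerts, and the untrusted GET produces a medium one. The metacharacter class is deliberately broad; narrow it only after confirming what legitimate values for the handler look like, and remember that this has to run where the POST body is visible, not on the device's own access log.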
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-08-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 693b0c4c7d4c6f31f7befcd1
Added to database: 12/11/2025, 6:24:12 PM
Last enriched: 12/19/2025, 5:30:10 AM
Last updated: 2/4/2026, 7:42:15 AM
Related Threats
- CVE-2026-24447: Improper neutralization of formula elements in a CSV file in Six Apart Ltd. Movable Type (Software Edition) (Medium)
- CVE-2026-23704: Unrestricted upload of file with dangerous type in Six Apart Ltd. Movable Type (Software Edition) (Medium)
- CVE-2026-22875: Cross-site scripting (XSS) in Six Apart Ltd. Movable Type (Software Edition) (Medium)
- CVE-2026-21393: Cross-site scripting (XSS) in Six Apart Ltd. Movable Type (Software Edition) (Medium)
- CVE-2026-1756: CWE-434 Unrestricted Upload of File with Dangerous Type in seezee WP FOFT Loader (High)