
CVE-2025-56094: n/a

Published: Thu Dec 11 2025 (12/11/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua.

AI-Powered Analysis

Last updated: 12/11/2025, 18:42:46 UTC

Technical Analysis

CVE-2025-56094 is an OS Command Injection vulnerability identified in the Ruijie X30-PRO router series, specifically in the module_get function implemented in the Lua script located at /usr/local/lua/dev_sta/host_access_delay.lua. This vulnerability allows an unauthenticated attacker to send specially crafted POST requests to the device, which are improperly sanitized, enabling arbitrary command execution on the underlying operating system. The attack vector leverages the device's web management interface or any exposed service that processes these POST requests.

Because the flaw resides in a Lua script handling host access delay parameters, the attacker can inject shell commands that the system executes with the privileges of the web service or root user, depending on the device configuration. This can lead to full device compromise, including the ability to alter configurations, intercept or redirect network traffic, deploy persistent malware, or pivot to internal networks.

No CVSS score has been assigned yet, and no patches or public exploits are currently available, indicating the vulnerability is newly disclosed. The absence of authentication requirements and the direct command injection nature make this a highly critical security issue. Organizations using Ruijie X30-PRO devices should consider this a severe threat and prepare for immediate mitigation and monitoring.

Potential Impact

For European organizations, the impact of CVE-2025-56094 can be severe. Compromise of Ruijie X30-PRO routers could lead to unauthorized access to internal networks, data interception, and disruption of network services. This is particularly critical for sectors relying on these devices for secure communications, such as government agencies, telecommunications providers, and critical infrastructure operators. Attackers could use the vulnerability to establish persistent footholds, exfiltrate sensitive data, or launch further attacks within the network. The potential for widespread disruption is heightened if these devices are deployed in large numbers or in key network segments. Additionally, the lack of available patches increases the window of exposure, forcing organizations to rely on compensating controls. The vulnerability could also undermine compliance with European data protection regulations if exploited to access personal or sensitive data.

Mitigation Recommendations

1. Immediately isolate Ruijie X30-PRO devices from untrusted networks and restrict management interface access to trusted administrators only.
2. Implement strict network segmentation to limit the exposure of vulnerable devices to potential attackers.
3. Deploy intrusion detection and prevention systems (IDS/IPS) with custom signatures to detect anomalous POST requests targeting the module_get endpoint.
4. Monitor device logs and network traffic for unusual command execution patterns or unexpected outbound connections.
5. Engage with Ruijie Networks for official patches or firmware updates addressing this vulnerability and apply them promptly once available.
6. If patching is delayed, consider temporary mitigations such as disabling the vulnerable Lua module or restricting POST request handling via firewall rules.
7. Conduct thorough security audits of all network devices to identify other potential vulnerabilities and ensure up-to-date configurations.
8. Educate network administrators about this vulnerability and enforce strict access controls and authentication mechanisms for device management.
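The custom-signature check in recommendation 3 can be prototyped offline against captured requests before it is written as an IDS rule. The sketch below is an added example, not vendor code or part of the CVE record. It assumes the POST body is JSON and names the Lua module from the description; the field names in the constructed samples are placeholders, because the page does not give the request layout.

```python
import json
import re

# Assumption: requests reaching the vulnerable handler name the Lua module
# from the advisory somewhere in the POST body.
MODULE_MARKER = "host_access_delay"

# Characters and sequences that a shell treats as control syntax.
SHELL_META = re.compile(r"[;&|`<>\n\r]|\$\(|\$\{")

def iter_strings(node, path="$"):
    """Yield (json_path, value) for every string in a decoded JSON value."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{i}]")

def inspect_post(method, body):
    """Return a list of (json_path, reason) findings for one captured request."""
    if method.upper() != "POST" or MODULE_MARKER not in body:
        return []
    try:
        doc = json.loads(body)
    except ValueError:
        # A body that names the module but is not valid JSON is itself unusual.
        return [("$", "unparseable body")]
    return [(path, "shell metacharacter")
            for path, value in iter_strings(doc)
            if SHELL_META.search(value)]

# Constructed sample requests; "handler", "call" and "args" are placeholder
# field names, not the device's real API.
SAMPLES = [
    ("POST", '{"handler": "host_access_delay", "call": "module_get", "args": {"host": "192.0.2.10"}}'),
    ("POST", '{"handler": "host_access_delay", "call": "module_get", "args": {"host": "192.0.2.10;PLACEHOLDER"}}'),
    ("GET", ""),
    ("POST", '{"handler": "wifi", "args": {"ssid": "a|b"}}'),
]

if __name__ == "__main__":
    for method, body in SAMPLES:
        print(method, inspect_post(method, body))
```

Scanning every string value rather than one named parameter keeps the check useful while the affected parameter is unknown; expect to tune the character set against legitimate traffic to the management interface.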


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-08-16T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 693b0c4c7d4c6f31f7befcd1

Added to database: 12/11/2025, 6:24:12 PM

Last enriched: 12/11/2025, 6:42:46 PM

Last updated: 12/12/2025, 4:01:10 AM
