CVE-2025-56098 is a critical OS command injection vulnerability identified in Ruijie X30-PRO routers, specifically within the module_get function of the /usr/local/lua/dev_sta/networkConnect.lua file. This vulnerability allows an unauthenticated attacker to send a specially crafted POST request to the vulnerable endpoint, which improperly handles input and passes it to system-level commands without adequate sanitization. As a result, attackers can execute arbitrary operating system commands with the privileges of the affected process, potentially leading to full device compromise. The vulnerability resides in the Lua script responsible for network connection management, indicating that exploitation could disrupt network services or allow attackers to pivot within the network. No CVSS score has been assigned yet, and no patches or known exploits are currently documented, but the nature of the vulnerability suggests a high risk. Ruijie X30-PRO routers are used in various enterprise and service provider networks, making this a significant concern for network security. The lack of authentication requirement and the ability to execute arbitrary commands remotely make this vulnerability particularly dangerous. Organizations relying on these devices should prioritize monitoring and containment until official patches are released.

For European organizations, the impact of CVE-2025-56098 could be severe. Successful exploitation can lead to full compromise of affected network devices, enabling attackers to disrupt network availability, intercept or manipulate traffic, and potentially gain a foothold for lateral movement within corporate or service provider networks. This can result in data breaches, service outages, and damage to organizational reputation. Critical infrastructure operators and enterprises with Ruijie X30-PRO routers in their network perimeter or internal segments are at heightened risk. The vulnerability could also be leveraged to launch further attacks against connected systems or to establish persistent backdoors. Given the strategic importance of telecommunications and network infrastructure in Europe, exploitation could have cascading effects on business continuity and national security. The absence of authentication requirements lowers the barrier for attackers, increasing the likelihood of exploitation if the vulnerability is publicly disclosed without mitigation.

1. Immediate network segmentation: Isolate Ruijie X30-PRO devices from untrusted networks and restrict access to management interfaces using firewall rules or access control lists (ACLs). 2. Monitor network traffic for unusual POST requests targeting the module_get endpoint or suspicious command execution patterns. 3. Implement strict input validation and filtering at network ingress points to detect and block malformed requests. 4. Engage with Ruijie support channels to obtain official patches or firmware updates as soon as they become available. 5. Temporarily disable or restrict the vulnerable module_get functionality if possible, or apply configuration changes to limit exposure. 6. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting this vulnerability. 7. Conduct regular audits of device configurations and logs to identify signs of compromise. 8. Educate network administrators about the vulnerability and ensure rapid incident response capabilities are in place. 9. Consider deploying compensating controls such as VPNs or jump hosts for device management to reduce direct exposure. 10. Maintain an inventory of all Ruijie devices to prioritize remediation efforts effectively.