CVE-2025-56099 is an OS Command Injection vulnerability identified in the Ruijie RG-YST AP_3.0(1)B11P280YST250F wireless access point firmware. The flaw exists in the pwdmodify function located in the Lua script /usr/lib/lua/luci/modules/common.lua, which processes POST requests. An attacker with low privileges can craft a malicious POST request that injects arbitrary OS commands, which the system executes with the privileges of the vulnerable service. This vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The CVSS v3.1 score is 8.8 (high), reflecting network attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Exploitation could allow attackers to take full control of the device, manipulate network traffic, or disrupt network services. No patches or public exploits are currently available, increasing the urgency for organizations to implement compensating controls. The vulnerability affects a specific Ruijie firmware version, but exact affected versions are not detailed. Given Ruijie's presence in enterprise and service provider networks, this vulnerability poses a significant risk to network infrastructure security.

For European organizations, exploitation of CVE-2025-56099 could lead to severe consequences including unauthorized access to network infrastructure, interception or manipulation of sensitive data, disruption of wireless network availability, and potential lateral movement within corporate networks. Critical sectors such as telecommunications, finance, government, and critical infrastructure relying on Ruijie access points could face operational outages and data breaches. The compromise of network devices can undermine trust in network security and lead to regulatory non-compliance under GDPR due to data confidentiality breaches. The high severity and ease of exploitation mean attackers could rapidly leverage this vulnerability to establish persistent footholds or launch further attacks. Organizations with large-scale deployments of Ruijie devices are particularly vulnerable to widespread impact.

1. Immediately restrict network access to the management interfaces of Ruijie RG-YST devices, limiting exposure to trusted administrative networks only. 2. Implement strict firewall rules to block unauthorized POST requests targeting the pwdmodify endpoint or Lua scripts on these devices. 3. Monitor network traffic for anomalous POST requests or command injection patterns indicative of exploitation attempts. 4. Apply network segmentation to isolate vulnerable devices from critical systems and sensitive data environments. 5. Engage with Ruijie support or vendors to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 6. If patches are unavailable, consider temporary device replacement or disabling vulnerable services to reduce attack surface. 7. Conduct thorough audits of device configurations and logs to detect any signs of compromise. 8. Educate network administrators on the risks and signs of exploitation related to this vulnerability.