CVE-2025-56108 is an OS Command Injection vulnerability affecting Ruijie X30-PRO network devices, identified in the pwdmodify function located in /usr/lib/lua/luci/modules/common.lua. This vulnerability arises due to improper sanitization of user-supplied input in a POST request, allowing an attacker with low privileges to inject arbitrary operating system commands. The vulnerability does not require user interaction and can be exploited remotely over the network, making it highly dangerous. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability (C, I, A all high). Exploitation could lead to full system compromise, enabling attackers to execute commands, alter configurations, exfiltrate sensitive data, or disrupt device operation. Although no known exploits are currently reported in the wild, the vulnerability’s nature and ease of exploitation make it a critical concern for affected users. The lack of available patches at the time of publication necessitates immediate defensive measures. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), a common and severe injection flaw. Given Ruijie’s presence in enterprise and service provider networks, exploitation could have widespread consequences.

For European organizations, the impact of CVE-2025-56108 could be severe, especially for those relying on Ruijie X30-PRO devices in their network infrastructure. Successful exploitation can lead to complete device takeover, allowing attackers to manipulate network traffic, intercept confidential communications, disrupt services, or pivot to other internal systems. This compromises confidentiality, integrity, and availability of critical network components. Industries such as telecommunications, finance, government, and critical infrastructure operators that use Ruijie equipment are particularly at risk. The vulnerability’s remote exploitation capability increases the attack surface, potentially enabling widespread attacks without physical access. Disruption or data breaches resulting from this vulnerability could lead to regulatory penalties under GDPR and damage organizational reputation. The absence of known exploits currently provides a window for proactive defense, but the high severity score demands urgent attention.

1. Immediately restrict access to the management interfaces of Ruijie X30-PRO devices by implementing network segmentation and firewall rules to limit POST requests to trusted sources only. 2. Employ intrusion detection/prevention systems (IDS/IPS) to monitor and block suspicious POST requests targeting the pwdmodify endpoint or unusual command injection patterns. 3. Apply strict input validation and sanitization on all user inputs if custom firmware or configurations are used. 4. Regularly audit device logs for anomalous activities related to command execution or configuration changes. 5. Coordinate with Ruijie Networks for official patches or firmware updates addressing this vulnerability and apply them promptly once available. 6. If patching is not immediately possible, consider temporary mitigations such as disabling or restricting the vulnerable pwdmodify functionality. 7. Educate network administrators about this vulnerability and ensure they follow best practices for device hardening and monitoring. 8. Maintain an incident response plan tailored to network device compromises to quickly contain and remediate any exploitation attempts.