CVE-2025-56109 is an OS Command Injection vulnerability identified in the Ruijie RG-BCR RG-BCR860 wireless controller device. The flaw exists in the handling of POST requests to the action_wireless function within the /usr/lib/lua/luci/control/admin/wireless.lua script. An attacker can craft a malicious POST request that injects arbitrary operating system commands, which the device executes with administrative privileges. This type of vulnerability arises from improper input validation or sanitization of user-supplied data before it is passed to system-level command execution functions. Successful exploitation can allow attackers to take full control of the device, manipulate wireless configurations, intercept or redirect traffic, or pivot into the internal network. Although no specific affected versions are listed, the vulnerability is tied to the RG-BCR860 model. No patches or mitigations are currently documented, and no exploits have been publicly reported. The vulnerability was reserved in August 2025 and published in December 2025, indicating recent discovery. The lack of a CVSS score requires an independent severity assessment based on impact and exploitability factors.

For European organizations, exploitation of this vulnerability could have severe consequences. The Ruijie RG-BCR860 device is typically deployed in enterprise and service provider networks to manage wireless access points. Compromise could lead to unauthorized network access, interception of sensitive data, disruption of wireless services, and lateral movement within corporate networks. This could impact confidentiality by exposing internal communications, integrity by allowing configuration tampering, and availability by causing denial of service or network outages. Critical sectors such as finance, healthcare, government, and telecommunications relying on Ruijie infrastructure could face operational disruptions and data breaches. The absence of known exploits reduces immediate risk but also means organizations may be unprepared. Attackers targeting European networks could leverage this vulnerability to gain footholds in high-value environments, especially where Ruijie devices are prevalent.

Organizations should immediately inventory their network infrastructure to identify any Ruijie RG-BCR RG-BCR860 devices. Network segmentation should be enforced to restrict access to device management interfaces only to trusted administrators. Implement strict firewall rules to block unauthorized inbound traffic to the device’s administrative ports. Monitor network traffic for unusual POST requests targeting the action_wireless endpoint. Since no official patches are currently available, consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block command injection patterns. Disable or restrict remote management features if not required. Engage with Ruijie support for any available firmware updates or advisories. Additionally, implement strong authentication and logging to detect and respond to suspicious activities promptly. Regularly update incident response plans to include this vulnerability scenario.