CVE-2025-56109 is an OS Command Injection vulnerability identified in the Ruijie RG-BCR RG-BCR860 device, specifically within the Lua script file /usr/lib/lua/luci/control/admin/wireless.lua. The vulnerability arises from improper input validation in the action_wireless function, which processes POST requests. An attacker with low privileges (PR:L) can craft a malicious POST request to this endpoint, injecting arbitrary operating system commands that the device executes with the privileges of the running service. The vulnerability is remotely exploitable over the network (AV:N) without requiring user interaction (UI:N), and it affects the confidentiality, integrity, and availability of the device (C:H/I:H/A:H). The CVSS v3.1 base score of 8.8 reflects the high impact and ease of exploitation. Although no public exploits are currently known, the vulnerability’s nature and scoring suggest it could be leveraged for full device compromise, potentially allowing attackers to pivot within networks, disrupt wireless services, or exfiltrate sensitive data. The lack of specified affected versions and absence of available patches indicate that organizations must monitor vendor advisories closely. The vulnerability is categorized under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), a common and critical class of injection flaws.

For European organizations, exploitation of CVE-2025-56109 could lead to severe operational and security consequences. The Ruijie RG-BCR860 is typically deployed in enterprise and telecom wireless infrastructure; thus, a successful attack could disrupt wireless network availability, compromise sensitive communications, and allow lateral movement within corporate or service provider networks. Confidential data could be stolen or manipulated, and attackers could establish persistent footholds. Given the high CVSS score and the ability to execute arbitrary commands remotely without user interaction, the threat poses a significant risk to critical infrastructure and enterprises relying on Ruijie devices. Disruptions could affect sectors such as telecommunications, government agencies, and large enterprises with wireless deployments. The absence of known exploits currently provides a window for proactive defense, but the potential for rapid weaponization exists.

Organizations should implement the following specific mitigations: 1) Immediately restrict network access to the management interfaces of Ruijie RG-BCR860 devices, especially blocking untrusted external IPs from reaching the wireless.lua endpoint. 2) Employ network segmentation and firewall rules to isolate vulnerable devices from critical network segments. 3) Monitor network traffic for anomalous POST requests targeting /usr/lib/lua/luci/control/admin/wireless.lua or unusual command execution patterns. 4) Engage with Ruijie support channels to obtain patches or firmware updates as soon as they become available and apply them promptly. 5) Conduct internal audits to identify all Ruijie RG-BCR860 devices in the environment and verify their firmware versions. 6) Implement host-based intrusion detection on these devices if supported, to detect unauthorized command execution. 7) Use multi-factor authentication and limit administrative privileges to reduce the risk of low-privilege attackers exploiting this vulnerability. 8) Prepare incident response plans specifically addressing potential wireless infrastructure compromise scenarios.