CVE-2025-56110 is an OS Command Injection vulnerability identified in the Ruijie RG-BCR RG-BCR860 network device. The flaw exists in the handling of POST requests directed at the action_deal_update function within the Lua script located at /usr/lib/lua/luci/controller/api/rcmsAPI.lua. An attacker can craft a malicious POST request that injects arbitrary operating system commands, which the device executes with the privileges of the running service. This type of vulnerability is particularly dangerous because it allows remote code execution without requiring authentication or user interaction, potentially enabling attackers to take full control of the device. The vulnerability was reserved in August 2025 and published in December 2025, but no CVSS score or patches have been released yet, and no active exploitation has been reported. Ruijie RG-BCR860 devices are typically used in enterprise and telecom environments, making this vulnerability a significant risk for network infrastructure. The lack of a patch and public exploit increases the urgency for organizations to implement compensating controls. Attackers exploiting this vulnerability could disrupt network operations, exfiltrate sensitive data, or use the compromised device as a foothold for further attacks within the network.

For European organizations, the impact of CVE-2025-56110 could be severe. Compromise of Ruijie RG-BCR860 devices could lead to unauthorized access to internal networks, disruption of critical communications, and potential data breaches. Telecommunications providers and enterprises relying on these devices for network management or security functions could experience outages or degraded service, affecting business continuity and customer trust. The ability to execute arbitrary commands remotely means attackers can install malware, pivot to other systems, or manipulate network traffic. This poses a significant risk to sectors such as finance, government, healthcare, and critical infrastructure, where network integrity and availability are paramount. Additionally, the absence of patches increases the window of exposure, potentially inviting targeted attacks or automated exploitation once public proof-of-concept code emerges.

Until an official patch is released, European organizations should implement the following mitigations: 1) Restrict network access to the management interfaces of Ruijie RG-BCR860 devices using firewalls and access control lists, limiting POST requests to trusted IP addresses only. 2) Monitor network traffic for unusual POST requests targeting the /usr/lib/lua/luci/controller/api/rcmsAPI.lua endpoint, employing intrusion detection systems with custom signatures. 3) Employ network segmentation to isolate vulnerable devices from critical systems and sensitive data. 4) Disable or restrict the vulnerable API endpoint if possible through device configuration or firmware settings. 5) Maintain up-to-date backups of device configurations to enable rapid recovery if compromise occurs. 6) Engage with Ruijie support channels to obtain information on patches or firmware updates and apply them promptly once available. 7) Conduct regular security audits and penetration tests focusing on network devices to identify and remediate similar vulnerabilities proactively.