
CVE-2025-56111: n/a

0
Unknown
Published: Thu Dec 11 2025 (12/11/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the network_set_wan_conf in file /usr/lib/lua/luci/controller/admin/netport.lua.

AI-Powered Analysis

Last updated: 12/11/2025, 18:55:14 UTC

Technical Analysis

CVE-2025-56111 is a critical OS Command Injection vulnerability identified in the Ruijie RG-BCR RG-BCR860 network device. The flaw exists in the handling of POST requests to the network_set_wan_conf function located in the Lua script /usr/lib/lua/luci/controller/admin/netport.lua. An attacker can craft a malicious POST request that injects arbitrary operating system commands, which the device executes with elevated privileges. This vulnerability stems from insufficient input validation or sanitization of user-supplied data before passing it to system-level command execution functions. Successful exploitation allows remote attackers to execute arbitrary commands on the device, potentially leading to full compromise of the device, including unauthorized access to network configurations, interception or manipulation of network traffic, and pivoting to internal networks. The vulnerability is particularly dangerous because it does not require user interaction and can be exploited remotely if the administrative interface is exposed or accessible within the network. Although no known exploits are currently reported in the wild, the nature of the vulnerability and the device's role in network infrastructure make it a high-risk issue. The absence of a CVSS score indicates that the vulnerability is newly published and pending further assessment. However, the technical details and attack vector suggest a critical severity level.

Potential Impact

For European organizations, the impact of CVE-2025-56111 can be severe. Ruijie devices like the RG-BCR860 are often deployed in enterprise, government, and critical infrastructure networks. Exploitation could lead to unauthorized control over network configurations, disruption of WAN connectivity, and potential lateral movement within internal networks. Confidential data traversing these devices could be intercepted or altered, compromising data integrity and confidentiality. Availability of network services could be disrupted by malicious commands, causing operational downtime. The risk is amplified in environments where these devices are exposed to untrusted networks or insufficiently segmented internal networks. Given the strategic importance of telecommunications and network infrastructure in Europe, successful exploitation could affect sectors such as finance, healthcare, energy, and public administration, leading to significant economic and operational consequences.

Mitigation Recommendations

To mitigate CVE-2025-56111, European organizations should immediately restrict access to the administrative interfaces of Ruijie RG-BCR860 devices, ideally limiting access to trusted management networks or VPNs. Network segmentation should be enforced to isolate management interfaces from general user networks. Implement strict firewall rules to block unauthorized POST requests targeting the network_set_wan_conf endpoint. Monitor network traffic for unusual or malformed POST requests indicative of exploitation attempts. Deploy intrusion detection or prevention systems with signatures targeting this vulnerability once available. Coordinate with Ruijie for official patches or firmware updates and apply them promptly upon release. In the interim, consider disabling or restricting the vulnerable functionality if feasible. Conduct regular audits of device configurations and logs to detect signs of compromise. Educate network administrators about the risk and ensure secure credential management to prevent unauthorized access.
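One way to implement the monitoring step above, as an added example that is not part of the original advisory or any vendor code: it scans access-log lines for POST requests that reference network_set_wan_conf from sources outside the management network. The combined log format, the management CIDR and the sample request paths are assumptions; only the handler name comes from the CVE description.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: networks allowed to reach the device's admin interface.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
HANDLER = "network_set_wan_conf"  # handler name from the CVE description

# Combined-log-format prefix: client IP, timestamp, method, request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)')

def is_mgmt(addr):
    """True only if addr parses as an IP inside a management network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(ip in net for net in MGMT_NETS)

def flag_requests(lines):
    """Return (source, timestamp, target) for POSTs to the handler
    that did not originate from MGMT_NETS."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        src, ts, method, target = m.groups()
        # Decode twice so percent-encoded handler names still match.
        decoded = unquote(unquote(target)).lower()
        if method == "POST" and HANDLER in decoded and not is_mgmt(src):
            hits.append((src, ts, target))
    return hits

# Constructed sample lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '10.20.0.5 - - [11/Dec/2025:10:00:01 +0000] "POST /cgi-bin/luci/admin/network_set_wan_conf HTTP/1.1" 200 51',
    '203.0.113.7 - - [11/Dec/2025:10:02:13 +0000] "POST /cgi-bin/luci/admin/network_set_wan_conf HTTP/1.1" 200 51',
    '198.51.100.9 - - [11/Dec/2025:10:03:40 +0000] "POST /cgi-bin/luci/admin/network%5Fset%5Fwan%5Fconf HTTP/1.1" 200 51',
    '203.0.113.7 - - [11/Dec/2025:10:04:02 +0000] "GET /cgi-bin/luci/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for src, ts, target in flag_requests(SAMPLE_LOG):
        print(f"ALERT {ts} {src} -> {target}")
```

Each hit marks a request that reached the handler from outside the management network, which the access restrictions recommended above should have blocked.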


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-08-16T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 693b0fc27d4c6f31f7bf9f54

Added to database: 12/11/2025, 6:38:58 PM

Last enriched: 12/11/2025, 6:55:14 PM

Last updated: 12/12/2025, 4:00:38 AM
