CVE-2025-56129 is an OS Command Injection vulnerability identified in the Ruijie RG-BCR RG-BCR860 network device. The vulnerability resides in the Lua controller script located at /usr/lib/lua/luci/controller/admin/diagnosis.lua, specifically in the action_diagnosis function. Attackers can exploit this flaw by sending a crafted POST request to this endpoint, which fails to properly sanitize input parameters before passing them to underlying system commands. This lack of input validation allows arbitrary command execution on the device's operating system with the privileges of the running service, potentially root or administrative level. The vulnerability was reserved in August 2025 and published in December 2025, but no CVSS score or patches have been released yet, and no exploits have been observed in the wild. Ruijie RG-BCR860 devices are typically used in enterprise and service provider environments for network access control and security. Successful exploitation could allow attackers to take full control of the device, manipulate network traffic, disrupt services, or pivot into internal networks. The absence of authentication requirements or user interaction in the description suggests the attack vector is remote and straightforward, increasing the risk profile. Given the critical role of such devices in network infrastructure, this vulnerability poses a significant threat to affected organizations.

For European organizations, exploitation of this vulnerability could result in severe consequences including unauthorized access to network infrastructure, interception or manipulation of sensitive data, disruption of network services, and potential lateral movement within corporate or critical infrastructure networks. Organizations relying on Ruijie RG-BCR860 devices for network security or access control may face operational downtime, data breaches, and compliance violations under GDPR due to compromised confidentiality and integrity. The ability to execute arbitrary commands remotely without authentication amplifies the risk of automated attacks and widespread exploitation. Critical sectors such as telecommunications, government, finance, and energy in Europe could be particularly impacted, as these sectors often deploy such network devices extensively and are frequent targets of cyberattacks. The lack of available patches increases the window of exposure, necessitating immediate compensating controls to mitigate risk.

1. Immediately implement network segmentation to isolate Ruijie RG-BCR860 devices from untrusted networks and limit access to management interfaces. 2. Deploy strict firewall rules to block unauthorized POST requests targeting the /usr/lib/lua/luci/controller/admin/diagnosis.lua endpoint or the action_diagnosis function. 3. Monitor network traffic for anomalous POST requests or unusual command execution patterns on these devices. 4. Enforce strong authentication and access control policies for device management interfaces, including multi-factor authentication where possible. 5. Engage with Ruijie Networks for official patches or firmware updates and apply them promptly once available. 6. Conduct regular vulnerability scanning and penetration testing focused on network devices to detect exploitation attempts. 7. Consider temporary removal or replacement of vulnerable devices in high-risk environments until a patch is released. 8. Educate network administrators on this vulnerability and signs of compromise to enable rapid incident response.