CVE-2025-58778: Hidden functionality in Ruijie Networks Co., Ltd. RG-EST300
Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.
AI Analysis
Technical Summary
CVE-2025-58778 affects multiple firmware versions of the Ruijie Networks RG-EST300, a wireless access-point class device (its firmware builds carry the AP_ prefix). The core issue is an SSH server that is enabled in the device's initial configuration but is not mentioned in the product manual, so administrators have no documented reason to know it exists, let alone to firewall it, rotate its credentials, or disable it. Anyone who knows or obtains the credentials for that service can log in over the network and read sensitive information from the device, change its configuration, or put it into a denial-of-service condition. The CVSS v3.0 base score is 7.2 (High) with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H: the attack is network-reachable and low-complexity, needs no user interaction, and has full confidentiality, integrity and availability impact, but it requires high privileges (PR:H), meaning the attacker must already hold valid credentials for the hidden service. That precondition matters for triage: this is exposure of an unexpected, credentialed management interface, not an authentication bypass, so real-world severity depends on whether the credentials are default, shared across devices, or otherwise obtainable, and the advisory does not say. No in-the-wild exploitation had been reported at publication. Affected firmware versions include AP_3.0(1)B2P18_EST300_06210514 and several AP_3.0(1)B2P10_EST300 builds. The CVE was reserved on 2025-09-05 (assigner JPCERT/CC) and published on October 16, 2025; no vendor patch or mitigation link was available at the time of publication.
Potential Impact
For European organizations, this vulnerability poses a substantial risk to network security and operational continuity. RG-EST300 devices are likely deployed in enterprise and possibly critical-infrastructure networks for wireless connectivity, so an unexpected management interface on them matters. An attacker who reaches the hidden SSH server with valid credentials can read the device's configuration and operational data (for example credentials, SSIDs, VLAN and uplink details that support lateral movement or espionage), alter the configuration to disrupt or degrade service or to add persistent access, or take the device down and with it the wireless connectivity it provides. Confidentiality, integrity and availability impacts are all rated High. Two factors raise the practical risk despite the credential requirement. First, no user interaction is needed, so once credentials are known the attack can be scripted against every reachable device. Second, because the service is undocumented and on by default, most administrators will not have firewalled it, changed its credentials, or monitored its logs, which delays both detection and response. Organizations in finance, telecommunications, government and critical infrastructure, where wireless availability and the secrecy of network configuration matter most, should treat this as a priority.
Mitigation Recommendations
European organizations should start with an inventory: identify every RG-EST300 in use and record its firmware build, comparing it against the affected AP_3.0(1)B2P18_EST300_06210514 and AP_3.0(1)B2P10_EST300 builds. Then confirm the exposure rather than assuming it: from the management network, check whether TCP/22 on each device accepts a connection and returns an SSH identification banner. If the device's configuration offers a way to disable the SSH service, use it; the advisory does not say that such a setting exists, so plan for the case where it does not and enforce the restriction at the network layer instead, with an ACL on the upstream switch or firewall that permits SSH to the device only from designated management hosts and drops everything else. Change any default or shared credentials the service accepts to strong, per-device values, since with PR:H the credential is the only control between the network and full device compromise. Forward the devices' logs to a central collector and alert on SSH logins and failed attempts against these addresses, which should normally see none. Ask Ruijie Networks for fixed firmware or an official mitigation and apply it promptly once available, and add the SSH check to routine vulnerability scans and penetration tests so the exposure is caught if it reappears after a factory reset or firmware reinstall. Finally, brief network and security staff that the service exists, so a login on it is recognised as an event worth investigating.
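The inventory and exposure-check steps above can be scripted. The following Python audit is an added example, not code from Ruijie Networks or from the advisory: it connects to each device's SSH port, reads the identification string an SSH server sends before any authentication (RFC 4253, section 4.2), and flags every host that answers, without ever sending a client banner or attempting a login. The target list, the loopback listener used for the offline demo, and its dropbear-style banner are all constructed for illustration; the real RG-EST300 banner is not given in the advisory.

```python
"""Audit for an undocumented SSH listener on network devices.

Added example, not Ruijie or JPCERT code. Connect to TCP/22 (or a given
port) on each target, read the server identification string that an SSH
server sends before any authentication (RFC 4253 section 4.2) and flag
every host that answers. Nothing is transmitted to the device, so no login
is attempted and nothing lands in its authentication log. The targets, the
loopback listener and its banner are constructed for the demo.
"""
import re
import socket
import threading

# RFC 4253: "SSH-protoversion-softwareversion SP comments CR LF"
_BANNER_RE = re.compile(rb"^SSH-(?P<proto>[0-9.]+)-(?P<soft>\S+)(?: (?P<comments>.*))?$")


def parse_ssh_banner(data: bytes):
    """Return {'protocol', 'software', 'comments'} for the first SSH
    identification line in data, or None if no line is an SSH banner.
    A server may send other text lines before the banner, so scan them all."""
    for line in data.splitlines():
        m = _BANNER_RE.match(line.rstrip(b"\r"))
        if m:
            return {
                "protocol": m["proto"].decode("ascii", "replace"),
                "software": m["soft"].decode("ascii", "replace"),
                "comments": (m["comments"] or b"").decode("ascii", "replace"),
            }
    return None


def probe_ssh(host: str, port: int = 22, timeout: float = 3.0) -> dict:
    """TCP-connect, read up to 1 KiB, close. The client banner is deliberately
    never sent, so the probe cannot be mistaken for a login attempt."""
    result = {"host": host, "port": port, "open": False, "banner": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["open"] = True                  # TCP handshake completed
            result["banner"] = parse_ssh_banner(s.recv(1024))
    except OSError:
        pass  # refused, filtered, or timed out before any banner arrived
    return result


def classify(r: dict) -> str:
    """Turn a probe result into the finding an auditor acts on."""
    if r["open"] and r["banner"]:
        return "undocumented SSH listener reachable"
    if r["open"]:
        return "port open but not SSH"
    return "no SSH listener"


def audit(targets):
    """targets: iterable of (host, port). Returns one finding dict per target."""
    findings = []
    for host, port in targets:
        r = probe_ssh(host, port)
        r["finding"] = classify(r)
        findings.append(r)
    return findings


def _fake_ssh_server(banner: bytes) -> int:
    """One-shot loopback listener that does only what a real SSH server does
    first: send its identification string. Lets the audit run offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Audit one constructed 'exposed' device and one address with nothing
    listening. The dropbear-style banner is an assumption, not the device's."""
    exposed_port = _fake_ssh_server(b"SSH-2.0-dropbear_2019.78\r\n")
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]  # free port: the connection is refused
    tmp.close()
    return audit([("127.0.0.1", exposed_port), ("127.0.0.1", closed_port)])


if __name__ == "__main__":
    for f in demo():
        soft = (f["banner"] or {}).get("software", "")
        print(f"{f['host']}:{f['port']}  {f['finding']}  {soft}")
```

Run it against the real device list by replacing the `demo()` targets with `(address, 22)` pairs from the inventory, from a host on the management network. A banner in the output is positive confirmation that the hidden service is listening; a refused or timed-out connection from the management network is not proof it is off, since an intervening ACL could be filtering the probe, so check from the same segment the device serves as well.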
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: jpcert
- Date Reserved: 2025-09-05T03:22:34.671Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 68f08e21e05ddc61b12878f2
Added to database: 10/16/2025, 6:18:09 AM
Last enriched: 10/16/2025, 6:18:23 AM
Last updated: 10/16/2025, 2:20:39 PM