Cyber Posture

CVE-2025-56108

HighPublic PoC

Published: 11 December 2025

Published
11 December 2025
Modified
26 January 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0050 66.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires input validation mechanisms at the pwdmodify endpoint to reject crafted POST requests containing OS command injection payloads.

SI-2 Flaw Remediation good match
prevent

Mandates timely remediation of the command injection flaw in /usr/lib/lua/luci/modules/common.lua through patching or updates.

SI-9 Information Input Restrictions partial match
prevent

Enforces restrictions on POST request inputs to the pwdmodify function, such as character sets and lengths, to block injection attempts.

Security SummaryAI

CVE-2025-56108 is an OS command injection vulnerability (CWE-78) affecting the Ruijie X30-PRO device, specifically version X30-PRO-V1_09241521. The flaw resides in the pwdmodify function within the file /usr/lib/lua/luci/modules/common.lua, where attackers can execute arbitrary operating system commands by sending a crafted POST request. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and potential for high impact on confidentiality, integrity, and availability.

An attacker with low privileges (PR:L), such as an authenticated user on the device, can exploit this vulnerability remotely over the network without user interaction. By crafting a malicious POST request to the pwdmodify endpoint, the attacker injects and executes arbitrary OS commands, potentially leading to full system compromise, including data exfiltration, persistence, or further lateral movement within the network.

Advisories and detailed reports on this vulnerability, including potential patches or workarounds, are available in the following references: https://1drv.ms/f/c/12406a392c92914b/EtGIxwWujwxBvQhL9wgnUIwBkg-mndJJX07Igr6d0cic-g?e=4KJbWY, https://1drv.ms/t/c/12406a392c92914b/Ecib6--fxv9HhrfAdhmP5R4BOPDcTcqTOBt0hQBEx5BTxA?e=s3ejN1, and https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56108.md. Security practitioners should consult these for mitigation guidance specific to affected Ruijie deployments.

Details

CWE(s)
CWE-78

Affected Products

ruijie
x30 pro firmware
all versions
ruijie
rg-eap602 firmware
3.0\(1\)b2p55
ruijie
rg-est350 firmware
3.0\(1\)b11p221
ruijie
rg-ew300 pro firmware
3.0\(1\)b11p219
ruijie
rg-est310 firmware
3.0\(1\)b11p211

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

OS command injection directly enables arbitrary Unix shell command execution (T1059.004) on the network device and facilitates privilege escalation from low-privileged access (PR:L) to full system compromise (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References