CVE-2025-56113

HIGH EPSS 70.1%

Published Dec 11, 20256mo ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Published Dec 11, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

CVSS Details

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

70.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 10

Vendor	Product	Version	Range
ruijie	rg-yst250f_firmware	3.0\(1\)b11p280yst250f	any
ruijie	rg-yst250f	*	any
ruijie	rg-est310_v2_firmware	b11p221	any
ruijie	rg-est310_v2	*	any
ruijie	reyee_os	221	any
ruijie	rg-est350_v2	*	any
ruijie	reyee_os	219	any
ruijie	rg-ew300_pro	*	any
ruijie	rg-eap602_firmware	3.0\(1\)b2p55	any
ruijie	rg-eap602	*	any

References 3

1drv.ms https://1drv.ms/f/c/12406a392c92914b/EsGqqVSQqCVBjjz2FhAHAiAB4MCHo41vIuw2wPgLykbupA?e=YgF1gt

Broken Link
1drv.ms https://1drv.ms/t/c/12406a392c92914b/EY_XOykAOvJJkGsDkmahTboBmmvNWczbXF3brroYsTWmTA?e=2Itzta

Broken Link
github.com https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56113.md

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.