Buffer Overflow Vulnerability in Ruijie RG-NBR2600S Gateway
CVE-2025-25527

5.1MEDIUM

Key Information:

Vendor: Ruijie
Status: RG-NBR2600S Gateway
Vendor: CVE Published:; 11 February 2025

What is CVE-2025-25527?

A buffer overflow vulnerability exists in the Ruijie RG-NBR2600S Gateway version 10.3(4b12) due to inadequate length verification in the configuration of source address NAT rules. This flaw could allow attackers to exploit the device by sending specially crafted input, leading to potential crashes or the execution of arbitrary commands. Mitigating this vulnerability is crucial for safeguarding network devices from unauthorized access and ensuring operational integrity.

References

https://gist.github.com/XiaoCurry/354620285280aca98acba94...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Feb 7, 2025