OS Command Injection in Ruijie X30 PRO Devices
CVE-2025-56092

8.8HIGH

Key Information:

Vendor: Ruijie
Status: X30 PRO
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-56092?

The Ruijie X30 PRO devices are susceptible to an OS Command Injection vulnerability which enables attackers to execute arbitrary commands. This can be achieved through specially crafted POST requests targeting the networkConnect.lua file within the system. The exploit allows unauthorized users to manipulate device operations, posing a significant risk to network security and device integrity.

References

https://1drv.ms/f/c/12406a392c92914b/EtGIxwWujwxBvQhL9wgn...

https://1drv.ms/t/c/12406a392c92914b/EaD98URfTfFKm1v_MTfU...

https://github.com/flegoity/Ruijie-Multiple-Devices-Vulne...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Aug 16, 2025

JSON