Unsecured SSH Server in RG-EST300 Devices from Ruijie Networks
CVE-2025-58778

8.6HIGH

Key Information:

Vendor: Ruijie Networks Co., Ltd.
Status: Rg-est300
Vendor: CVE Published:; 16 October 2025

🔔 Create Ruijie Networks Co., Ltd. Vulnerability Alert

What is CVE-2025-58778?

Multiple versions of the RG-EST300 by Ruijie Networks expose SSH server functionality, which is enabled by default and undocumented. This configuration flaw allows unauthorized users with knowledge of the necessary credentials to access the device. This can result in information disclosure, unauthorized changes to system settings, and even a denial of service (DoS) condition, compromising the devices' integrity and availability.

Affected Version(s)

RG-EST300 AP_3.0(1)B2P18_EST300_06210514

RG-EST300 AP_3.0(1)B2P10_EST300_06151523

RG-EST300 AP_3.0(1)B2P10_EST300_05232216

References

https://www.ruijie.com.cn/gy/xw-aqtg-gw/929848/

https://www.ruijie.com/en-global/support/productLifecycle

https://jvn.jp/en/jp/JVN72648885/

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Sep 5, 2025

JSON