OS Command Injection Vulnerability in Ruijie Networks AP180 Series
CVE-2025-68459

8.6HIGH

Key Information:

Vendor: Ruijie Networks Co., Ltd.
Status: Ap180-pe V3.xx; Ap180(ja) V1.xx; Ap180(jp) V1.xx; Ap180-ac V1.xx
Vendor: CVE Published:; 18 December 2025

🔔 Create Ruijie Networks Co., Ltd. Vulnerability Alert

What is CVE-2025-68459?

The Ruijie Networks AP180 Indoor Wall Plate Wireless Access Point series contains a significant OS command injection vulnerability. This weakness allows attackers with access to the Command Line Interface (CLI) service to execute arbitrary operating system commands, potentially compromising the integrity and security of the affected devices. Proper precautions and security measures should be implemented to protect the network from unauthorized command execution.

Affected Version(s)

AP180-AC V1.xx AP_RGOS 11.9(4)B1P8 and earlier

AP180-AC V2.xx AP_RGOS 11.9(4)B1P8 and earlier

AP180-AC V3.xx AP_RGOS 11.9(4)B1P8 and earlier

References

https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/

https://jvn.jp/en/vu/JVNVU94068946/

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Dec 17, 2025

JSON