CVE-2025-46116 (GCVE-0-2025-46116)
Vulnerability from cvelistv5
Published
2025-07-21 00:00
Modified
2025-07-22 16:53
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Summary
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-46116",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-21T18:13:04.116393Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-250",
                "description": "CWE-250 Execution with Unnecessary Privileges",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-21T18:15:55.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T16:53:31.177Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.ruckuswireless.com/security_bulletins/330"
        },
        {
          "url": "https://sector7.computest.nl/post/2025-07-ruckus-unleashed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46116",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-07-22T16:53:31.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-46116\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-07-21T15:15:27.690\",\"lastModified\":\"2025-08-05T17:17:40.227\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en CommScope Ruckus Unleashed anterior a 200.15.6.212.14 y 200.17.7.0.139, y en Ruckus ZoneDirector anterior a 10.5.1.0.279, donde un atacante autenticado puede deshabilitar el requisito de contrase\u00f1a para un comando CLI oculto `!v54!` a trav\u00e9s de una llamada a la API de administraci\u00f3n y luego invocarlo para escapar del shell restringido y obtener un shell root en el controlador.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"},{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"200.15.6.212.14\",\"matchCriteriaId\":\"8933A8DB-2169-4969-857D-65FCC5A2687E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"200.17\",\"versionEndExcluding\":\"200.17.7.0.139\",\"matchCriteriaId\":\"7BF7ACF7-77A1-497E-991F-F8015017FF6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.5.1.0.279\",\"matchCriteriaId\":\"31CEC229-C1CD-471D-93EC-BF4629393864\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84B1EC30-ACC3-4141-A149-F2C912AEDC2B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1CB277A-B51A-4EF6-9B60-26E42DB466A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EDE59EC-811F-4A5E-A4DE-C3289D8A049A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37C8E333-5C44-44BB-842F-FCDA8D8D5831\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CABADA0-2CC3-4218-BE64-7014F21166CD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DC533A1-7998-4363-9D94-E1472F22DE87\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75F9B4E2-6E5B-4C96-A46F-06450BB81E68\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"028EEF4A-5A5B-4662-A5AA-B027EF66DF2B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA2F043-9743-4FC9-AF74-20FAC503C2F2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D165B27E-AA69-446F-916F-AF26E30510CA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BD23474-CBFE-4575-A2DA-431C0D74E2EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"208776B7-AC2A-445F-A26F-5C072EFEED0E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB605D38-A71B-44FF-909D-D34348491EA8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D2D26C-E53C-41E2-9EB7-653CBF5A49E7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E547E2A0-86E7-438C-9602-A2ECB247A84C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3A5E2C5-E261-4FA6-AB5E-D651110C80CB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44C800DC-82C3-4240-B2C0-18433FED4E3B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1677A804-8DE7-4191-8E84-9ADAE9E8269E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22845768-F360-46EC-BB48-2A68A4B6A2C8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89E38958-2FEB-4945-81E0-522BD1136D26\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D8F47E7-791A-44E8-A62C-B4D0F4AF80BD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A2A5668-2EDB-4E93-A4FA-88FCBCC057B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"473AC82B-6A00-4076-A043-E4854DA09C3E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"554AE543-CC27-4109-9F0C-E17BF2A4E22F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92E815A2-09BC-4FF8-B38C-8857E626ACA1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0777F3E0-7F95-49B4-B488-5550FF922E9E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23A4DF46-52A7-4F47-B9EB-8F3A1D0261DA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD0D8BF0-5736-44F7-8B9C-6BDCF97FF5C9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBCA0728-C62C-429B-ABA0-A8F853543A0F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DDB7F8C-9DF1-47B4-8E82-95003744CC0B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B4ED697-139A-4679-85D5-3992DEA8BB44\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E5F3A97-6FC5-4592-8304-43070120AA3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACE01A53-D787-4240-BF0F-EDC8BF51D6D1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23CE29C-210E-44C0-B4CF-01F2889B671D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD7A8265-2895-42FF-BF64-76C73CF67112\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29911530-47EC-4865-9965-72D101827F1A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C83392A-1656-473F-9F08-C3CC89FDF3FA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C49E0DC-A33C-43F3-9278-5341C1842FA6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:ruckus_t811-cm_\\\\(non-sfp\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFDE6F6D-DC10-4C72-BDEC-0B1CB7DCCEA9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB4E62C-2532-41A9-9F1E-737D3E4DD008\"}]}]}],\"references\":[{\"url\":\"https://sector7.computest.nl/post/2025-07-ruckus-unleashed/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://support.ruckuswireless.com/security_bulletins/330\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-46116\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-21T18:13:04.116393Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-250\", \"description\": \"CWE-250 Execution with Unnecessary Privileges\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-21T18:14:29.000Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://support.ruckuswireless.com/security_bulletins/330\"}, {\"url\": \"https://sector7.computest.nl/post/2025-07-ruckus-unleashed/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-07-22T16:53:31.177Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-46116\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-22T16:53:31.177Z\", \"dateReserved\": \"2025-04-22T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-07-21T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.