CVE-2025-46120
CRITICALDescription
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ruckuswireless | ruckus_unleashed |
| ruckuswireless | ruckus_unleashed |
| ruckuswireless | ruckus_zonedirector |
| commscope | ruckus_c110 |
| commscope | ruckus_e510 |
| commscope | ruckus_h320 |
| commscope | ruckus_h350 |
| commscope | ruckus_h510 |
| commscope | ruckus_h550 |
| commscope | ruckus_m510 |
| commscope | ruckus_m510-jp |
| commscope | ruckus_r310 |
| commscope | ruckus_r320 |
| commscope | ruckus_r350 |
| commscope | ruckus_r350e |
| commscope | ruckus_r510 |
| commscope | ruckus_r550 |
| commscope | ruckus_r560 |
| commscope | ruckus_r610 |
| commscope | ruckus_r650 |
| commscope | ruckus_r670 |
| commscope | ruckus_r710 |
| commscope | ruckus_r720 |
| commscope | ruckus_r730 |
| commscope | ruckus_r750 |
| commscope | ruckus_r760 |
| commscope | ruckus_r770 |
| commscope | ruckus_r850 |
| commscope | ruckus_t310c |
| commscope | ruckus_t310n |
| commscope | ruckus_t310s |
| commscope | ruckus_t350c |
| commscope | ruckus_t350d |
| commscope | ruckus_t350se |
| commscope | ruckus_t610 |
| commscope | ruckus_t670 |
| commscope | ruckus_t710 |
| commscope | ruckus_t710s |
| commscope | ruckus_t750 |
| commscope | ruckus_t750se |
| commscope | ruckus_t811-cm |
| commscope | ruckus_t811-cm_\(non-sfp\) |
| commscope | zonedirector_1200 |
References
Frequently Asked Questions
What is CVE-2025-46120? +
How severe is CVE-2025-46120? +
What products are affected by CVE-2025-46120? +
How do I check if I'm vulnerable to CVE-2025-46120? +
Related Vulnerabilities
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior …
Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml …
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal …
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path …
Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file …
Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to …