CVE-2025-46116
Last modified
CVE-2025-46116 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.. EPSS estimates a 0.48% chance of exploitation in the next 30 days.
Description
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ruckuswireless | Ruckus Unleashed | < 200.15.6.212.14 |
| Ruckuswireless | Ruckus Unleashed | >= 200.17, < 200.17.7.0.139 |
| Ruckuswireless | Ruckus Zonedirector | < 10.5.1.0.279 |
References
- https://sector7.computest.nl/post/2025-07-ruckus-unleashed/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-46116?
How severe is CVE-2025-46116?
How do I fix CVE-2025-46116?
Are you affected by CVE-2025-46116?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST