CVE-2025-46120 Information
Jul 22, 2025
Description
An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus ZoneDirector, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller.
Reference
http://commscope.com
https://sector7.computest.nl/post/2025-07-ruckus-unleashed/
https://support.ruckuswireless.com/security_bulletins/330
Related CNNVD
CNNVD-202507-2655 (Published: 2025-07-21)