
CVE-2025-46120: Critical Path-Traversal Flaw in Ruckus Wireless Controllers


Overview

A newly disclosed vulnerability, CVE-2025-46120, affects the CommScope Ruckus Unleashed and ZoneDirector wireless controller platforms. This critical flaw allows a remote, unauthenticated attacker to execute arbitrary code on the controller, potentially leading to full system compromise and data leakage.
The severity of this vulnerability should not be underestimated, because it affects a wide range of enterprise-grade wireless systems. These controllers are typically deployed where network security is paramount, such as commercial businesses, government facilities, and educational institutions. By exploiting this flaw, attackers could disrupt the operations of these organizations and cause significant data and financial losses.

Vulnerability Summary

CVE ID: CVE-2025-46120
Severity: Critical (9.8/10 on the CVSS scale)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: System compromise, Data leakage

Affected Products


Product | Affected Versions

CommScope Ruckus Unleashed | Prior to 200.15.6.212.27 and 200.18.7.1.323
Ruckus ZoneDirector | Prior to 10.5.1.0.282

How the Exploit Works

The vulnerability lies in the web interface of the affected Ruckus platforms. Specifically, a path-traversal flaw lets the web server render attacker-supplied EJS templates located outside of the permitted template directories. An attacker can first place a malicious template on the device, for example via FTP. Once the file is present, the server can be tricked into rendering that template, which may contain arbitrary code, leading to privilege escalation and potential system compromise.

Conceptual Example Code

A conceptual example of how this vulnerability might be exploited is given below:

ftp target.example.com
Name (target.example.com:attacker): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put malicious.ejs /path/to/vulnerable/directory
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp> bye
221 Goodbye.

In this example, an attacker logs into the FTP server of the target device anonymously and uploads a malicious EJS template (`malicious.ejs`) to a directory on the device. Because of the path-traversal flaw, the web server can then be made to render this template from outside the intended template directory, leading to a potential system compromise.


Disclaimer:

The information and code presented in this article are provided for educational and defensive cybersecurity purposes only. Any conceptual or pseudocode examples are simplified representations intended to raise awareness and promote secure development and system configuration practices.

Do not use this information to attempt unauthorized access or exploit vulnerabilities on systems that you do not own or have explicit permission to test.

Ameeba and its authors do not endorse or condone malicious behavior and are not responsible for misuse of the content. Always follow ethical hacking guidelines, responsible disclosure practices, and local laws.