Execution with Unnecessary Privileges

CVE-2025-46116

High

8.8/10

Summary

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-250 - Execution with Unnecessary Privileges

The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References

Advisory Timeline

Published Jul 21, 2025

Execution with Unnecessary Privileges

CVE-2025-46116

Summary

CWE-250 - Execution with Unnecessary Privileges

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS