{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68459", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2025-12-17T23:37:17.886Z", "datePublished": "2025-12-18T05:51:07.988Z", "dateUpdated": "2025-12-18T15:33:43.033Z"}, "containers": {"cna": {"affected": [{"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-PE V3.xx", "versions": [{"version": "AP_RGOS 11.9(4)B1P8 and earlier", "status": "affected"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180(JA) V1.xx", "versions": [{"version": "AP_RGOS 11.9(4)B1P8 and earlier", "status": "affected"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180(JP) V1.xx", "versions": [{"version": "AP_RGOS 11.9(4)B1P8 and earlier", "status": "affected"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-AC V1.xx", "versions": [{"version": "AP_RGOS 11.9(4)B1P8 and earlier", "status": "affected"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-PE V1.xx", "versions": [{"version": "AP_RGOS 11.9(4)B1P8 and earlier", "status": "affected"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180(JA) V2.xx", "versions": [{"version": "AP_RGOS 11.9(4)B1P8 and earlier", "status": "affected"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-AC V2.xx", "versions": [{"version": "AP_RGOS 11.9(4)B1P8 and earlier", "status": "affected"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-PE V2.xx", "versions": [{"version": "AP_RGOS 11.9(4)B1P8 and earlier", "status": "affected"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-AC V3.xx", "versions": [{"version": "AP_RGOS 11.9(4)B1P8 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service."}], "problemTypes": [{"descriptions": [{"description": "Improper neutralization of special elements used in an OS command ('OS Command Injection')", "lang": "en-US", "cweId": "CWE-78", "type": "CWE"}]}], "references": [{"url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/"}, {"url": "https://jvn.jp/en/vu/JVNVU94068946/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-12-18T05:51:07.988Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-18T15:28:34.206269Z", "id": "CVE-2025-68459", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T15:33:43.033Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-68459", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-18T15:28:34.206269Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T15:28:35.484Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-PE V3.xx", "versions": [{"status": "affected", "version": "AP_RGOS 11.9(4)B1P8 and earlier"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180(JA) V1.xx", "versions": [{"status": "affected", "version": "AP_RGOS 11.9(4)B1P8 and earlier"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180(JP) V1.xx", "versions": [{"status": "affected", "version": "AP_RGOS 11.9(4)B1P8 and earlier"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-AC V1.xx", "versions": [{"status": "affected", "version": "AP_RGOS 11.9(4)B1P8 and earlier"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-PE V1.xx", "versions": [{"status": "affected", "version": "AP_RGOS 11.9(4)B1P8 and earlier"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180(JA) V2.xx", "versions": [{"status": "affected", "version": "AP_RGOS 11.9(4)B1P8 and earlier"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-AC V2.xx", "versions": [{"status": "affected", "version": "AP_RGOS 11.9(4)B1P8 and earlier"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-PE V2.xx", "versions": [{"status": "affected", "version": "AP_RGOS 11.9(4)B1P8 and earlier"}]}, {"vendor": "Ruijie Networks Co., Ltd.", "product": "AP180-AC V3.xx", "versions": [{"status": "affected", "version": "AP_RGOS 11.9(4)B1P8 and earlier"}]}], "references": [{"url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/"}, {"url": "https://jvn.jp/en/vu/JVNVU94068946/"}], "descriptions": [{"lang": "en", "value": "RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-78", "description": "Improper neutralization of special elements used in an OS command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-12-18T05:51:07.988Z"}}}, "cveMetadata": {"cveId": "CVE-2025-68459", "state": "PUBLISHED", "dateUpdated": "2025-12-18T15:33:43.033Z", "dateReserved": "2025-12-17T23:37:17.886Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2025-12-18T05:51:07.988Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service."}], "id": "CVE-2025-68459", "lastModified": "2025-12-18T15:07:42.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2025-12-18T06:15:49.717", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU94068946/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{}