What the vulnerability does
01Description
In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
CVSS base score
9.9/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
August 4, 2025
CVE published
November 3, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-50121
CVE-2021-35047 Privileged Command Injection Vulnerability in Fidelis Network and Deception
CVE-2026-42454 Termix: OS Command Injection in Docker Container Management Endpoints
CVE-2022-50909 Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)
CVE-2020-26274 Command Injection Vulnerability in systeminformation
