CVE-2025-25527 — MEDIUM (5.1)

Vulnerability Description

Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

CVSS Score

5.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Ruijie	Rg-Nbr2600S Firmware	10.3\(4b12\)
Ruijie	Rg-Nbr2600S	-

Related Weaknesses (CWE)

CWE-120

References

https://gist.github.com/XiaoCurry/354620285280aca98acba94a9c5fffb6Broken Link

FAQ

What is CVE-2025-25527?

CVE-2025-25527 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successf...

How severe is CVE-2025-25527?

CVE-2025-25527 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-25527?

Check the references section above for vendor advisories and patch information. Affected products include: Ruijie Rg-Nbr2600S Firmware, Ruijie Rg-Nbr2600S.