1. Home
  2. CVE Database
  3. CVE-2025-46117
CRITICAL · 9.1

CVE-2025-46117

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked ...

Vulnerability Description

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
RuckuswirelessRuckus Unleashed< 200.15.6.212.14
RuckuswirelessRuckus Zonedirector< 10.5.1.0.279
CommscopeRuckus C110-
CommscopeRuckus E510-
CommscopeRuckus H320-
CommscopeRuckus H350-
CommscopeRuckus H510-
CommscopeRuckus H550-
CommscopeRuckus M510-
CommscopeRuckus M510-Jp-
CommscopeRuckus R310-
CommscopeRuckus R320-
CommscopeRuckus R350-
CommscopeRuckus R350E-
CommscopeRuckus R510-
CommscopeRuckus R550-
CommscopeRuckus R560-
CommscopeRuckus R610-
CommscopeRuckus R650-
CommscopeRuckus R670-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2025-46117?

CVE-2025-46117 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked ...

How severe is CVE-2025-46117?

CVE-2025-46117 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-46117?

Check the references section above for vendor advisories and patch information. Affected products include: Ruckuswireless Ruckus Unleashed, Ruckuswireless Ruckus Zonedirector, Commscope Ruckus C110, Commscope Ruckus E510, Commscope Ruckus H320.