PT-2025-30282 · Commscope · Ruckus Unleashed+1

René Ammerlaan · Published 2025-07-21 · Updated 2025-07-31 · CVE-2025-46120

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CommScope Ruckus Unleashed versions prior to 200.14.6.1.203
CommScope Ruckus ZoneDirector (affected versions not specified)

Description

A path-traversal flaw exists in the web interface. This flaw allows the server to execute attacker-supplied EJS templates outside of permitted directories. A remote, unauthenticated attacker who can upload a template (e.g., via FTP) can escalate privileges and run arbitrary template code on the controller.

Recommendations

CommScope Ruckus Unleashed versions prior to 200.14.6.1.203: Update to version 200.14.6.1.203 or later.
CommScope Ruckus ZoneDirector: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-46120

Affected Products

Ruckus Unleashed
Ruckus Zonedirector