CVE-2025-10774

Name of the Vulnerable Software and Affected Versions Ruijie 6000-E10 versions through 2.4.3.6-20171117

Description A weakness exists in Ruijie 6000-E10. The issue affects an unknown part of the file /view/vpn/autovpn/sub commit.php. Manipulation of the key argument can lead to operating system command injection. The attack can be initiated remotely. The exploit has been publicly released. The vendor was contacted regarding this issue but did not respond.

Recommendations Versions through 2.4.3.6-20171117 should be updated. As a temporary workaround, restrict access to the file /view/vpn/autovpn/sub commit.php to minimize the risk of exploitation. Avoid using the key parameter in the affected file until the issue is resolved.