CVE-2025-25527

Published: Feb 11, 2025Modified: Aug 13, 2025

5.1

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.5 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Affected (1)

Products: Ruijie: Rg Nbr2600s Firmware

1 product

Rg Nbr2600s Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Nbr2600s Firmware	Version 10.3(4b12)

Running on/with	Platform Versions
Ruijie Rg Nbr2600s	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://gist.github.com/XiaoCurry/354620285280aca98acba94a9c5fffb6

Source: cve@mitre.org

Broken Link

Timeline

No history available yet.