CVE-2025-63735 (GCVE-0-2025-63735)
Vulnerability from cvelistv5
Published
2025-11-25 00:00
Modified
2025-11-26 14:49
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
  • n/a
Summary
A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-63735",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-26T14:48:51.497012Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-26T14:49:35.101Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-25T21:15:24.534Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.ruckusnetworks.com/products/network-control-and-management/controller-less/"
        },
        {
          "url": "https://github.com/huthx/CVE-2025-63735-Ruckus-Unleashed-Reflected-XSS"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-63735",
    "datePublished": "2025-11-25T00:00:00.000Z",
    "dateReserved": "2025-10-27T00:00:00.000Z",
    "dateUpdated": "2025-11-26T14:49:35.101Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-63735\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-11-25T22:15:47.860\",\"lastModified\":\"2025-12-30T16:35:33.290\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_r770_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF81CF2D-A11B-4195-B22A-673276566428\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_r770:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8239367-AEE8-423F-BC64-679AC2FAF927\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_r670_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"293DCF6F-ECF4-4985-8955-2220CC9D8E87\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_r670:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA5470FB-90BC-49D9-9E8F-4BB28E7BCA12\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_r370_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29EC5E1F-17C7-4FF9-A691-64BD68107A67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_r370:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC73F4FB-D887-4AC0-9608-A441042C19E5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_r850_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8076B8-E7B3-4899-A673-7BE7DD1B6186\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_r850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46DF836A-ED86-4A19-8595-17645859F743\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_r750_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D9ED5C6-542E-45CA-881E-48366833D4C4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_r750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DE5EC57-07AE-4594-B69E-B666751FEA72\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_r650_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2D3B9F7-1F87-493A-BF5C-3D2A8B0934F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_r650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03053ED5-8EFB-4F12-BC9B-ABD12C063252\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_r550_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71356513-4AFC-42B6-AD4C-9D09E27F41D2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_r550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2F49D1B-F585-430F-9993-EE531C2B9ACB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_r350_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"411801C9-CDEB-42F2-B028-9C2B2189B6B4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_r350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C18AFFA4-F8D7-41FD-AAB4-3186FB313248\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_r350e_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA40226F-5025-4A0F-B5A8-6E2FDD462AE4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_r350e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F19EFC9-3609-4EC5-AC43-44FD287C63B4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_t670_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84CBD090-00A9-42E0-A7BB-4B90A4D55ADE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_t670:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD823CE3-D3AD-4A78-B6C5-DDC969E26A5A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_t670sn_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35290058-7230-4385-84B3-E391CF159DCE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_t670sn:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6A40BFA-72B6-45C4-BF1D-D9C650BDDF36\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_t750_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68A260AA-66F5-4F38-886B-6DE7B0322E33\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_t750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4520C8DD-2131-4E59-A44D-CA9A90F28DA0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_t750se_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"486B3F9E-18C7-4929-9E2F-284A21093A97\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_t750se:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD0E86D8-171E-4B2B-8597-78E7C5666894\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_t350c_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4FC9968-A4BC-42F8-838B-538B01EF577E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_t350c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3638A20C-5618-4865-B3E0-7F957E684C1F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_t350d_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76A0D71E-720B-4458-8493-93364EEF7442\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_t350d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92A36E50-A8AF-4565-84A9-D6CFABB9B2D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_t350se_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3F6D6AB-7874-4FE5-BD79-5BAADAC97FCD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_t350se:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69203961-038C-4514-BB8A-F32436816668\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_h550_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB74F4C7-5160-4784-8ABE-3476E8E5B7C6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_h550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C36FE505-2B49-4ADE-B0F0-D3BB1A075786\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ruckusnetworks:unleashed_h350_firmware:200.13.6.1.319:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEE39DFB-13CC-4A80-BE72-A437879219FE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ruckusnetworks:unleashed_h350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71AE9A32-D55A-40E0-A9F5-CAFE7154BB78\"}]}]}],\"references\":[{\"url\":\"https://github.com/huthx/CVE-2025-63735-Ruckus-Unleashed-Reflected-XSS\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.ruckusnetworks.com/products/network-control-and-management/controller-less/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-63735\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-26T14:48:51.497012Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-26T14:49:30.415Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.ruckusnetworks.com/products/network-control-and-management/controller-less/\"}, {\"url\": \"https://github.com/huthx/CVE-2025-63735-Ruckus-Unleashed-Reflected-XSS\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-11-25T21:15:24.534Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-63735\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-26T14:49:35.101Z\", \"dateReserved\": \"2025-10-27T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-11-25T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.