CVE-2025-56752

A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi.

Published: Sep 3, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-56752
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.4
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ruijie / rg-es228gs-p_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es228gs-p_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es228gs-p_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-es209gc-p_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es209gc-p_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es209gc-p_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-es205gc-p_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es205gc-p_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es205gc-p_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-es205gc_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es205gc_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es205gc_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-es208gc_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es208gc_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es208gc_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-es206gs-p_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es206gs-p_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es206gs-p_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-es210gs-p_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es210gs-p_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es210gs-p_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-es218gc-p_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es218gc-p_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es226gc-p_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es226gc-p_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es206gc-p_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es206gc-p_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es216gc_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es224gc_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es210gc-lp_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es206mg-p_firmware	esw_1.0(1)b1p42_release(12142711)	esw_1.0(1)b1p42_release(12142711).x
ruijie / rg-es209mg-p_firmware	esw_1.0(1)b1p42_release(12142711)	esw_1.0(1)b1p42_release(12142711).x
ruijie / rg-nis2100-8gt2sfp-hp_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-nis2100-4gt2sfp-hp_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-es216gc-v2_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es216gc-v2_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es216gc-v2_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-es224gc-v2_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es224gc-v2_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es224gc-v2_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x
ruijie / rg-es220gs-p_firmware	esw_1.0(1)b1p27	esw_1.0(1)b1p27.x
ruijie / rg-es220gs-p_firmware	esw_1.0(1)b1p35	esw_1.0(1)b1p35.x
ruijie / rg-es220gs-p_firmware	esw_1.0(1)b1p39	esw_1.0(1)b1p39.x

https://github.com/TNCX-byte/Vulnerability_Research/blob/main/CVE-2025-56752/README.md

Vulnerability Database

308,681

CVE-2025-56752

Deep Security Visibility Without the Complexity