CVE-2025-63735
BaseFortify

Publication date: 2025-11-25

Last updated on: 2025-12-30

Assigner: MITRE

Description
A reflected cross-site scripting (XSS) vulnerability exists in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.
Meta Information
Published: 2025-11-25
Last Modified: 2025-12-30
Generated: 2026-06-16
AI Q&A: 2025-11-26
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 36 associated CPEs
Vendor Product Version / Range
ruckusnetworks unleashed_r770_firmware 200.13.6.1.319
ruckusnetworks unleashed_r770 *
ruckusnetworks unleashed_r670_firmware 200.13.6.1.319
ruckusnetworks unleashed_r670 *
ruckusnetworks unleashed_r370_firmware 200.13.6.1.319
ruckusnetworks unleashed_r370 *
ruckusnetworks unleashed_r850_firmware 200.13.6.1.319
ruckusnetworks unleashed_r850 *
ruckusnetworks unleashed_r750_firmware 200.13.6.1.319
ruckusnetworks unleashed_r750 *
ruckusnetworks unleashed_r650_firmware 200.13.6.1.319
ruckusnetworks unleashed_r650 *
ruckusnetworks unleashed_r550_firmware 200.13.6.1.319
ruckusnetworks unleashed_r550 *
ruckusnetworks unleashed_r350_firmware 200.13.6.1.319
ruckusnetworks unleashed_r350 *
ruckusnetworks unleashed_r350e_firmware 200.13.6.1.319
ruckusnetworks unleashed_r350e *
ruckusnetworks unleashed_t670_firmware 200.13.6.1.319
ruckusnetworks unleashed_t670 *
ruckusnetworks unleashed_t670sn_firmware 200.13.6.1.319
ruckusnetworks unleashed_t670sn *
ruckusnetworks unleashed_t750_firmware 200.13.6.1.319
ruckusnetworks unleashed_t750 *
ruckusnetworks unleashed_t750se_firmware 200.13.6.1.319
ruckusnetworks unleashed_t750se *
ruckusnetworks unleashed_t350c_firmware 200.13.6.1.319
ruckusnetworks unleashed_t350c *
ruckusnetworks unleashed_t350d_firmware 200.13.6.1.319
ruckusnetworks unleashed_t350d *
ruckusnetworks unleashed_t350se_firmware 200.13.6.1.319
ruckusnetworks unleashed_t350se *
ruckusnetworks unleashed_h550_firmware 200.13.6.1.319
ruckusnetworks unleashed_h550 *
ruckusnetworks unleashed_h350_firmware 200.13.6.1.319
ruckusnetworks unleashed_h350 *
CWE
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

This vulnerability is a reflected cross-site scripting (XSS) issue in Ruckus Unleashed version 200.13.6.1.319. It occurs via the 'name' parameter in the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp, allowing an attacker to inject malicious scripts that are reflected back to the user.

Impact Analysis

This vulnerability can allow attackers to execute malicious scripts in the context of a user's browser, potentially leading to session hijacking, theft of sensitive information, or redirection to malicious sites.
