CVE-2025-63735
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-63735, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-25

Last updated on: 2025-12-30

Assigner: MITRE

Description

A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-25
Last Modified
2025-12-30
Generated
2026-07-06
AI Q&A
2025-11-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 36 associated CPEs
Vendor Product Version / Range
ruckusnetworks unleashed_r770_firmware 200.13.6.1.319
ruckusnetworks unleashed_r770 *
ruckusnetworks unleashed_r670_firmware 200.13.6.1.319
ruckusnetworks unleashed_r670 *
ruckusnetworks unleashed_r370_firmware 200.13.6.1.319
ruckusnetworks unleashed_r370 *
ruckusnetworks unleashed_r850_firmware 200.13.6.1.319
ruckusnetworks unleashed_r850 *
ruckusnetworks unleashed_r750_firmware 200.13.6.1.319
ruckusnetworks unleashed_r750 *
ruckusnetworks unleashed_r650_firmware 200.13.6.1.319
ruckusnetworks unleashed_r650 *
ruckusnetworks unleashed_r550_firmware 200.13.6.1.319
ruckusnetworks unleashed_r550 *
ruckusnetworks unleashed_r350_firmware 200.13.6.1.319
ruckusnetworks unleashed_r350 *
ruckusnetworks unleashed_r350e_firmware 200.13.6.1.319
ruckusnetworks unleashed_r350e *
ruckusnetworks unleashed_t670_firmware 200.13.6.1.319
ruckusnetworks unleashed_t670 *
ruckusnetworks unleashed_t670sn_firmware 200.13.6.1.319
ruckusnetworks unleashed_t670sn *
ruckusnetworks unleashed_t750_firmware 200.13.6.1.319
ruckusnetworks unleashed_t750 *
ruckusnetworks unleashed_t750se_firmware 200.13.6.1.319
ruckusnetworks unleashed_t750se *
ruckusnetworks unleashed_t350c_firmware 200.13.6.1.319
ruckusnetworks unleashed_t350c *
ruckusnetworks unleashed_t350d_firmware 200.13.6.1.319
ruckusnetworks unleashed_t350d *
ruckusnetworks unleashed_t350se_firmware 200.13.6.1.319
ruckusnetworks unleashed_t350se *
ruckusnetworks unleashed_h550_firmware 200.13.6.1.319
ruckusnetworks unleashed_h550 *
ruckusnetworks unleashed_h350_firmware 200.13.6.1.319
ruckusnetworks unleashed_h350 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a reflected Cross Site Scripting (XSS) issue in Ruckus Unleashed version 200.13.6.1.319. It occurs via the 'name' parameter in the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp, allowing an attacker to inject malicious scripts that are reflected back to the user.

Impact Analysis

This vulnerability can allow attackers to execute malicious scripts in the context of a user's browser, potentially leading to session hijacking, theft of sensitive information, or redirection to malicious sites.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-63735. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart