CVE-2025-63735
BaseFortify

Publication date: 2025-11-25

Last updated on: 2025-12-30

Assigner: MITRE

Description
A reflected cross-site scripting (XSS) vulnerability exists in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.
Meta Information
Published: 2025-11-25
Last Modified: 2025-12-30
Generated: 2026-05-07
AI Q&A: 2025-11-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 36 associated CPEs
Vendor Product Version / Range
ruckusnetworks unleashed_r770_firmware 200.13.6.1.319
ruckusnetworks unleashed_r770 *
ruckusnetworks unleashed_r670_firmware 200.13.6.1.319
ruckusnetworks unleashed_r670 *
ruckusnetworks unleashed_r370_firmware 200.13.6.1.319
ruckusnetworks unleashed_r370 *
ruckusnetworks unleashed_r850_firmware 200.13.6.1.319
ruckusnetworks unleashed_r850 *
ruckusnetworks unleashed_r750_firmware 200.13.6.1.319
ruckusnetworks unleashed_r750 *
ruckusnetworks unleashed_r650_firmware 200.13.6.1.319
ruckusnetworks unleashed_r650 *
ruckusnetworks unleashed_r550_firmware 200.13.6.1.319
ruckusnetworks unleashed_r550 *
ruckusnetworks unleashed_r350_firmware 200.13.6.1.319
ruckusnetworks unleashed_r350 *
ruckusnetworks unleashed_r350e_firmware 200.13.6.1.319
ruckusnetworks unleashed_r350e *
ruckusnetworks unleashed_t670_firmware 200.13.6.1.319
ruckusnetworks unleashed_t670 *
ruckusnetworks unleashed_t670sn_firmware 200.13.6.1.319
ruckusnetworks unleashed_t670sn *
ruckusnetworks unleashed_t750_firmware 200.13.6.1.319
ruckusnetworks unleashed_t750 *
ruckusnetworks unleashed_t750se_firmware 200.13.6.1.319
ruckusnetworks unleashed_t750se *
ruckusnetworks unleashed_t350c_firmware 200.13.6.1.319
ruckusnetworks unleashed_t350c *
ruckusnetworks unleashed_t350d_firmware 200.13.6.1.319
ruckusnetworks unleashed_t350d *
ruckusnetworks unleashed_t350se_firmware 200.13.6.1.319
ruckusnetworks unleashed_t350se *
ruckusnetworks unleashed_h550_firmware 200.13.6.1.319
ruckusnetworks unleashed_h550 *
ruckusnetworks unleashed_h350_firmware 200.13.6.1.319
ruckusnetworks unleashed_h350 *
CWE
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a reflected cross-site scripting (XSS) issue in Ruckus Unleashed version 200.13.6.1.319. It occurs via the 'name' parameter in the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp, allowing an attacker to inject malicious scripts that are reflected back to the user.


How can this vulnerability impact me?

This vulnerability can allow attackers to execute malicious scripts in the context of a user's browser, potentially leading to session hijacking, theft of sensitive information, or redirection to malicious sites.

