CVE-2025-63735

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-63735
A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/huthx/CVE-2025-63735-Ruckus-Unleashed-Reflected-XSS Exploit Third Party Advisory
https://www.ruckusnetworks.com/products/network-control-and-management/controller-less/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:ruckuswireless:ruckus_unleashed:200.13.6.1.319:*:*:*:*:*:*:*
History

09 Jan 2026, 02:22

Type Values Removed Values Added
CPE cpe:2.3:o:ruckusnetworks:unleashed_r370_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r350_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r550:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t750_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r350e:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t670_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t350c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r670:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r350:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_h350_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r750:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r750_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r370:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t750se_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_h550_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t670sn:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r770:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_h550:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r670_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_h350:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r770_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t350d_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r650:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t750se:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r850_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r350e_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t350se_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t670:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t350se:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r650_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t350c_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t350d:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t670sn_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r550_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r850:-:*:*:*:*:*:*:*		 cpe:2.3:a:ruckuswireless:ruckus_unleashed:200.13.6.1.319:*:*:*:*:*:*:*
First Time Ruckuswireless ruckus Unleashed
Ruckuswireless

30 Dec 2025, 16:35

Type Values Removed Values Added
First Time Ruckusnetworks unleashed T750se
Ruckusnetworks unleashed R350e
Ruckusnetworks unleashed H350
Ruckusnetworks unleashed R650
Ruckusnetworks unleashed R650 Firmware
Ruckusnetworks unleashed R770
Ruckusnetworks unleashed H350 Firmware
Ruckusnetworks unleashed R850
Ruckusnetworks unleashed T750se Firmware
Ruckusnetworks unleashed T350d
Ruckusnetworks unleashed R770 Firmware
Ruckusnetworks unleashed R750 Firmware
Ruckusnetworks
Ruckusnetworks unleashed T350se
Ruckusnetworks unleashed R750
Ruckusnetworks unleashed R550
Ruckusnetworks unleashed R370
Ruckusnetworks unleashed R350
Ruckusnetworks unleashed H550
Ruckusnetworks unleashed T670
Ruckusnetworks unleashed T750 Firmware
Ruckusnetworks unleashed R670 Firmware
Ruckusnetworks unleashed T670sn
Ruckusnetworks unleashed R670
Ruckusnetworks unleashed R350 Firmware
Ruckusnetworks unleashed T350c Firmware
Ruckusnetworks unleashed R550 Firmware
Ruckusnetworks unleashed T350c
Ruckusnetworks unleashed T670sn Firmware
Ruckusnetworks unleashed R350e Firmware
Ruckusnetworks unleashed T350d Firmware
Ruckusnetworks unleashed T670 Firmware
Ruckusnetworks unleashed R370 Firmware
Ruckusnetworks unleashed T750
Ruckusnetworks unleashed H550 Firmware
Ruckusnetworks unleashed T350se Firmware
Ruckusnetworks unleashed R850 Firmware
References () https://github.com/huthx/CVE-2025-63735-Ruckus-Unleashed-Reflected-XSS - () https://github.com/huthx/CVE-2025-63735-Ruckus-Unleashed-Reflected-XSS - Exploit, Third Party Advisory
References () https://www.ruckusnetworks.com/products/network-control-and-management/controller-less/ - () https://www.ruckusnetworks.com/products/network-control-and-management/controller-less/ - Product
CPE cpe:2.3:o:ruckusnetworks:unleashed_r370_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r350_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r550:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t750_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r350e:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t670_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t750:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t350c:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r670:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r350:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_h350_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r750:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r750_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r370:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t750se_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_h550_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t670sn:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r770:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_h550:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r670_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_h350:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r770_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t350d_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r650:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t750se:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r850_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r350e_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t350se_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t670:-:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t350se:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r650_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t350c_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_t350d:-:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_t670sn_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:o:ruckusnetworks:unleashed_r550_firmware:200.13.6.1.319:*:*:*:*:*:*:*
cpe:2.3:h:ruckusnetworks:unleashed_r850:-:*:*:*:*:*:*:*

26 Nov 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1
CWE CWE-79

25 Nov 2025, 22:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-11-25 22:15

Updated : 2026-01-09 02:22

NVD link : CVE-2025-63735

Mitre link : CVE-2025-63735

CVE.ORG link : CVE-2025-63735

JSON object : View

Products Affected

ruckuswireless

  • ruckus_unleashed
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')