A number of vulnerabilities that stay unpatched in Ruckus Wi-fi administration merchandise might be exploited to completely compromise the community setting they serve.
The problems have an effect on Ruckus Wi-fi Digital SmartZone (vSZ) and Ruckus Community Director (RND), and vary from uauthenticated distant code execution to hardcoded passwords or SSH private and non-private keys.
Ruckus vSZ is a centralized wi-fi community controller that may handle tens of hundreds of Ruckus entry factors and shoppers, permitting configuration, monitoring, and controlling large-scale WiFi deployments. Ruckus RND is a administration instrument for vSZ clusters.
The 2 merchandise are usually utilized by massive organizations and public entities in want of scalable and sturdy WiFi infrastructure.
The vulnerabilities had been reported to Carnegie Mellon College’s CERT Coordination Middle (CERT/CC) by Noam Moshe, a member of Team82, Claroty’s analysis division.
Neither CERT/CC nor Moshe had been in a position to contact Ruckus Wi-fi (now Ruckus Networks) or its mother or father firm, CommScope, in regards to the safety issues, which stay unfixed on the time of publishing.
The issues impacting the 2 Ruckus Networks merchandise acquired identifiers and are described as follows:
- CVE-2025-44957 – hardcoded secrets and techniques in vSZ that permit bypassing authentication and admin-level entry utilizing crafted HTTP headers and legitimate API keys
- CVE-2025-44962 – path traversal in vSZ that enables arbitrary file reads for authenticated customers
- CVE-2025-44954 – vSZ has hardcoded default public/personal SSH keys that enables anybody to connect with weak units with root entry
- CVE-2025-44960 – vSZ has an API route with a user-controlled parameter that is not sanitized, permitting execution of arbitrary working system instructions
- CVE-2025-44961 – command injection in vSZ permits an authenticated consumer to provide an unsanitized IP tackle to an OS command
- CVE-2025-44963 – RND makes use of a hardcoded backend JWT secret key, permitting anybody with it to forge legitimate admin session tokens
- CVE-2025-44955 – RND features a “jailed” setting with a built-in jailbreak utilizing a weak, hardcoded password to achieve root entry
- CVE-2025-6243 – RND features a root-privileged consumer (sshuser) with hardcoded public/personal SSH keys that permit root entry
- CVE-2025-44958 – RND encrypts saved passwords with a hardcoded weak secret key and might return them in plaintext if compromised
Though severity scores haven’t been calculated, CERT/CC highlights the broad affect of the vulnerabilities, their potential for exploitation, and the likelihood to chain them for a extra impactful assault.
“[The] affect of those vulnerabilities varies from info leakage to whole compromise of the wi-fi setting managed by the affected merchandise,” reads the bulletin.
“For instance, an attacker with community entry to Ruckus Wi-fi vSZ can exploit CVE-2025-44954 to achieve full administrator entry that may result in whole compromise of the vSZ wi-fi administration setting.”
“Moreover, a number of vulnerabilities will be chained to create chained assaults that may permit the attacker to mix assaults to bypass any safety controls that forestall solely particular assaults.”
With no patches obtainable and no clear info on once they may be launched, directors with Ruckus vSZ and RND on their community are really useful to restrict entry to Ruckus administration interfaces to remoted, trusted networks and implement entry over safe protocols solely.
BleepingComputer tried to contact Ruckus through a number of communication channels, however we had been unable to succeed in out.
Whereas cloud assaults could also be rising extra subtle, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout hundreds of organizations, this report reveals 8 key methods utilized by cloud-fluent menace actors.
