A number of vulnerabilities that stay unpatched in Ruckus Wi-fi administration merchandise may very well be exploited to completely compromise the community setting they serve.
The problems have an effect on Ruckus Wi-fi Digital SmartZone (vSZ) and Ruckus Community Director (RND), and vary from uauthenticated distant code execution to hardcoded passwords or SSH private and non-private keys.
Ruckus vSZ is a centralized wi-fi community controller that may handle tens of 1000’s of Ruckus entry factors and shoppers, permitting configuration, monitoring, and controlling large-scale WiFi deployments. Ruckus RND is a administration device for vSZ clusters.
The 2 merchandise are usually utilized by giant organizations and public entities in want of scalable and sturdy WiFi infrastructure.
The vulnerabilities had been reported to Carnegie Mellon College’s CERT Coordination Heart (CERT/CC) by Noam Moshe, a member of Team82, Claroty’s analysis division.
Neither CERT/CC nor Moshe had been capable of contact Ruckus Wi-fi (now Ruckus Networks) or its guardian firm, CommScope, concerning the safety issues, which stay unfixed on the time of publishing.
The issues impacting the 2 Ruckus Networks merchandise obtained identifiers and are described as follows:
- CVE-2025-44957 – hardcoded secrets and techniques in vSZ that permit bypassing authentication and admin-level entry utilizing crafted HTTP headers and legitimate API keys
- CVE-2025-44962 – path traversal in vSZ that enables arbitrary file reads for authenticated customers
- CVE-2025-44954 – vSZ has hardcoded default public/non-public SSH keys that enables anybody to hook up with weak gadgets with root entry
- CVE-2025-44960 – vSZ has an API route with a user-controlled parameter that is not sanitized, permitting execution of arbitrary working system instructions
- CVE-2025-44961 – command injection in vSZ permits an authenticated consumer to produce an unsanitized IP tackle to an OS command
- CVE-2025-44963 – RND makes use of a hardcoded backend JWT secret key, permitting anybody with it to forge legitimate admin session tokens
- CVE-2025-44955 – RND features a “jailed” setting with a built-in jailbreak utilizing a weak, hardcoded password to achieve root entry
- CVE-2025-6243 – RND features a root-privileged consumer (sshuser) with hardcoded public/non-public SSH keys that permit root entry
- CVE-2025-44958 – RND encrypts saved passwords with a hardcoded weak secret key and might return them in plaintext if compromised
Though severity scores haven’t been calculated, CERT/CC highlights the broad influence of the vulnerabilities, their potential for exploitation, and the chance to chain them for a extra impactful assault.
“[The] influence of those vulnerabilities varies from data leakage to whole compromise of the wi-fi setting managed by the affected merchandise,” reads the bulletin.
“For example, an attacker with community entry to Ruckus Wi-fi vSZ can exploit CVE-2025-44954 to achieve full administrator entry that can result in whole compromise of the vSZ wi-fi administration setting.”
“Moreover, a number of vulnerabilities might be chained to create chained assaults that may permit the attacker to mix assaults to bypass any safety controls that stop solely particular assaults.”
With no patches accessible and no clear data on after they is perhaps launched, directors with Ruckus vSZ and RND on their community are really useful to restrict entry to Ruckus administration interfaces to remoted, trusted networks and implement entry over safe protocols solely.
BleepingComputer tried to contact Ruckus by way of a number of communication channels, however we had been unable to achieve out.
Whereas cloud assaults could also be rising extra subtle, attackers nonetheless succeed with surprisingly easy strategies.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key strategies utilized by cloud-fluent menace actors.
