A number of vulnerabilities that stay unpatched in Ruckus Wi-fi administration merchandise may very well be exploited to totally compromise the community atmosphere they serve.
The problems have an effect on Ruckus Wi-fi Digital SmartZone (vSZ) and Ruckus Community Director (RND), and vary from uauthenticated distant code execution to hardcoded passwords or SSH private and non-private keys.
Ruckus vSZ is a centralized wi-fi community controller that may handle tens of 1000’s of Ruckus entry factors and shoppers, permitting configuration, monitoring, and controlling large-scale WiFi deployments. Ruckus RND is a administration software for vSZ clusters.
The 2 merchandise are usually utilized by giant organizations and public entities in want of scalable and sturdy WiFi infrastructure.
The vulnerabilities have been reported to Carnegie Mellon College’s CERT Coordination Middle (CERT/CC) by Noam Moshe, a member of Team82, Claroty’s analysis division.
Neither CERT/CC nor Moshe have been in a position to contact Ruckus Wi-fi (now Ruckus Networks) or its mum or dad firm, CommScope, in regards to the safety issues, which stay unfixed on the time of publishing.
The issues impacting the 2 Ruckus Networks merchandise acquired identifiers and are described as follows:
- CVE-2025-44957 – hardcoded secrets and techniques in vSZ that permit bypassing authentication and admin-level entry utilizing crafted HTTP headers and legitimate API keys
- CVE-2025-44962 – path traversal in vSZ that enables arbitrary file reads for authenticated customers
- CVE-2025-44954 – vSZ has hardcoded default public/non-public SSH keys that enables anybody to connect with susceptible gadgets with root entry
- CVE-2025-44960 – vSZ has an API route with a user-controlled parameter that is not sanitized, permitting execution of arbitrary working system instructions
- CVE-2025-44961 – command injection in vSZ permits an authenticated person to provide an unsanitized IP deal with to an OS command
- CVE-2025-44963 – RND makes use of a hardcoded backend JWT secret key, permitting anybody with it to forge legitimate admin session tokens
- CVE-2025-44955 – RND features a “jailed” atmosphere with a built-in jailbreak utilizing a weak, hardcoded password to achieve root entry
- CVE-2025-6243 – RND features a root-privileged person (sshuser) with hardcoded public/non-public SSH keys that permit root entry
- CVE-2025-44958 – RND encrypts saved passwords with a hardcoded weak secret key and may return them in plaintext if compromised
Though severity scores haven’t been calculated, CERT/CC highlights the broad affect of the vulnerabilities, their potential for exploitation, and the likelihood to chain them for a extra impactful assault.
“[The] affect of those vulnerabilities varies from info leakage to whole compromise of the wi-fi atmosphere managed by the affected merchandise,” reads the bulletin.
“For instance, an attacker with community entry to Ruckus Wi-fi vSZ can exploit CVE-2025-44954 to achieve full administrator entry that may result in whole compromise of the vSZ wi-fi administration atmosphere.”
“Moreover, a number of vulnerabilities may be chained to create chained assaults that may permit the attacker to mix assaults to bypass any safety controls that forestall solely particular assaults.”
With no patches out there and no clear info on once they may be launched, directors with Ruckus vSZ and RND on their community are beneficial to restrict entry to Ruckus administration interfaces to remoted, trusted networks and implement entry over safe protocols solely.
BleepingComputer tried to contact Ruckus by way of a number of communication channels, however we have been unable to achieve out.
Whereas cloud assaults could also be rising extra subtle, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key methods utilized by cloud-fluent menace actors.
