Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve.
The issues affect Ruckus Wireless Virtual SmartZone (vSZ) and Ruckus Network Director (RND), and range from unauthenticated remote code execution to hardcoded passwords or SSH public and private keys.
Ruckus vSZ is a centralized wireless network controller that can manage tens of thousands of Ruckus access points and clients, allowing configuration, monitoring, and control of large-scale WiFi deployments. Ruckus RND is a management tool for vSZ clusters.
The two products are typically used by large organizations and public entities in need of scalable and robust WiFi infrastructure.
The vulnerabilities were reported to Carnegie Mellon University’s CERT Coordination Center (CERT/CC) by Noam Moshe, a member of Team82, Claroty’s research division.
Neither CERT/CC nor Moshe were able to contact Ruckus Wireless (now Ruckus Networks) or its parent company, CommScope, about the security problems, which remain unfixed at the time of publishing.
The problems impacting the two Ruckus Networks products received identifiers and are described as follows:
CVE-2025-44957 – hardcoded secrets in vSZ that allow bypassing authentication and admin-level access using crafted HTTP headers and valid API keys
CVE-2025-44962 – path traversal in vSZ that allows arbitrary file reads for authenticated users
CVE-2025-44954 – vSZ has hardcoded default public/private SSH keys that allow anyone to connect to vulnerable devices with root access
CVE-2025-44960 – vSZ has an API route with a user-controlled parameter that isn’t sanitized, allowing execution of arbitrary operating system commands
CVE-2025-44961 – command injection in vSZ allows an authenticated user to supply an unsanitized IP address to an OS command
CVE-2025-44963 – RND uses a hardcoded backend JWT secret key, allowing anyone with it to forge valid admin session tokens
CVE-2025-44955 – RND includes a “jailed” environment with a built-in jailbreak using a weak, hardcoded password to gain root access
CVE-2025-6243 – RND includes a root-privileged user (sshuser) with hardcoded public/private SSH keys that allow root access
CVE-2025-44958 – RND encrypts stored passwords with a hardcoded weak secret key and may return them in plaintext if compromised
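The bug class behind CVE-2025-44960 and CVE-2025-44961, an unsanitized request parameter reaching an OS command, is shown here next to a hardened form. This is an added example, not code from the article, CERT/CC or Ruckus; the `ping` command, the function names and the sample inputs are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical diagnostic command; the page does not say which OS command
# the affected API route runs.
PING_ARGV = ["ping", "-c", "1"]


def vulnerable_command(ip):
    """Injection-prone pattern: request input pasted into a shell string."""
    return "ping -c 1 " + ip  # meant for subprocess.run(..., shell=True)


def hardened_argv(ip):
    """Parse the value as an IP address, then build an argv list (no shell)."""
    if not isinstance(ip, str):
        raise ValueError("IP address must be a string")
    addr = ipaddress.ip_address(ip)  # ValueError on anything that is not an IP
    # ipaddress can accept free-form text as an IPv6 zone id after '%'
    # (Python 3.9+), so zone ids are refused here.
    if getattr(addr, "scope_id", None):
        raise ValueError("IPv6 zone ids are not accepted")
    # str(addr) is the canonical form, never the raw request string.
    return PING_ARGV + [str(addr)]


def triage(values):
    """Return {value: argv or None} for a batch of request parameters."""
    result = {}
    for value in values:
        try:
            result[value] = hardened_argv(value)
        except ValueError:
            result[value] = None
    return result


# Constructed request parameters, not taken from any real exploit.
SAMPLES = ["192.0.2.10", "2001:db8::1", "192.0.2.10; id",
           "$(id)", "fe80::1%;id", "-f"]

if __name__ == "__main__":
    for value, argv in triage(SAMPLES).items():
        print(repr(value), "->", argv if argv else "rejected")
        # An accepted argv would go to subprocess.run(argv, shell=False, timeout=5)
```

Only values that parse as a plain IPv4 or IPv6 address produce an argument list, and that list is passed to the process directly, so shell metacharacters are never interpreted.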
Although severity scores have not been calculated, CERT/CC highlights the broad impact of the vulnerabilities, their potential for exploitation, and the possibility to chain them for a more impactful attack.
“(The) impact of these vulnerabilities varies from information leakage to total compromise of the wireless environment managed by the affected products,” reads the bulletin.
“For instance, an attacker with network access to Ruckus Wireless vSZ can exploit CVE-2025-44954 to gain full administrator access that may result in total compromise of the vSZ wireless management environment.”
“Moreover, multiple vulnerabilities can be chained to create chained attacks that may allow the attacker to combine attacks to bypass any security controls that prevent only specific attacks.”
With no patches available and no clear information on when they might be released, administrators with Ruckus vSZ and RND on their network are recommended to limit access to Ruckus management interfaces to isolated, trusted networks and enforce access over secure protocols only.
BleepingComputer tried to contact Ruckus via multiple communication channels, but we were unable to reach them.