These vulnerabilities, disclosed on July 8, 2025, affect wireless network management systems that can scale up to 10,000 access points and 150,000 connected clients, making them particularly concerning for large-scale deployments in schools, hospitals, and smart cities.
Key Takeaways
1. Ruckus vSZ and RND vulnerabilities enable authentication bypass, hardcoded secrets exploitation, and remote code execution leading to full system compromise.
2. JWT keys, API keys, SSH keys, and passwords are embedded in software, allowing easy administrator access without complex attacks.
3. Affects management systems controlling up to 10,000 access points and 150,000 clients in enterprise environments like schools and hospitals.
4. Vendor hasn't released fixes; organizations must immediately isolate affected systems to trusted networks with limited access.
The most severe vulnerabilities stem from hardcoded cryptographic secrets embedded within the software architecture.
CVE-2025-44957 exposes hardcoded JWT signing keys and API keys that enable complete authentication bypass, allowing attackers to gain administrator-level access using HTTP headers and valid API keys.
Similarly, CVE-2025-44954 represents an unauthenticated remote code execution vulnerability caused by hardcoded default RSA public and private keys in the SSH configuration.
This vulnerability exploits a built-in user account with root privileges, where the default cryptographic keys are identical across all Ruckus deployments.
Network Director faces comparable issues with CVE-2025-44963, which involves hardcoded JWT secret keys that attackers can exploit to create valid authentication tokens.
Additionally, CVE-2025-44955 exposes a hardcoded password within the jailed environment designed for device configuration, while CVE-2025-6243 reveals hardcoded SSH public keys for the privileged ‘sshuser’ account.
CVE-2025-44960 demonstrates OS command injection through unsanitized user-controlled parameters in vSZ API routes, enabling attackers to execute arbitrary commands.
CVE-2025-44961 presents another RCE vulnerability where IP address parameters lack proper sanitization, allowing command injection attacks.
CVE-2025-44962 introduces directory traversal capabilities through relative path manipulation, enabling authenticated users to read sensitive files outside designated directories using “../” sequences.
CVE-2025-44958 compounds these risks by storing passwords in a recoverable format using weak encryption with hardcoded keys, potentially exposing all user credentials if the system is compromised.
| CVE | Description | Severity |
| CVE-2025-44957 | Hardcoded Secrets – Authentication bypass | Critical |
| CVE-2025-44954 | Unauthenticated RCE – Built-in user with root privileges accessible | Critical |
| CVE-2025-44960 | Remote Code Execution – Unsanitized user-controlled parameters in vSZ API routes | Critical |
| CVE-2025-44961 | Remote Code Execution- Unsanitized IP address parameters in OS commands | Critical |
| CVE-2025-44963 | Hardcoded JWT secret key in RND backend – Hardcoded secret enables JWT token creation | Critical |
| CVE-2025-44955 | Hardcoded jailbreak password in RND – Weak hardcoded password for privilege escalation | High |
| CVE-2025-6243 | Hardcoded SSH public key for ‘sshuser’ – Default SSH keys for privileged user account | High |
| CVE-2025-44962 | Authenticated arbitrary file read – Directory traversal | Medium |
| CVE-2025-44958 | Recoverable password storage – Weak encryption with hardcoded keys | Medium |
Currently, no vendor patches are available for these vulnerabilities. The CERT Coordination Center recommends implementing strict network isolation for affected Ruckus wireless management environments.
Network administrators should limit access to trusted users only and ensure these systems operate within isolated management networks. Secure protocols such as HTTPS and SSH should be enforced for all management communications.
These vulnerabilities can be chained together to create sophisticated attack vectors that bypass individual security controls, potentially leading to complete wireless infrastructure compromise.
Organizations using Ruckus Virtual SmartZone or Network Director should immediately assess their network segmentation and access controls while awaiting vendor remediation.
Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now
The post Critical Ruckus Wireless Vulnerabilities Exposes Enterprise Wireless Networks appeared first on Cyber Security News.
SUGARLOAF, Pa. (AP) — For John Zola, the 40 acres were like a paradise: apple…
If open enrollment comes to pass, John White said his town could benefit from students…
Rock Valley College is celebrating a major milestone in their partnership with Northern Illinois University.…
A critical vulnerability in AVideo, a widely used open-source video hosting and streaming platform. Tracked…
Womanspace and Tad More Tailoring partnered to host the "Restyle the Runway" event Saturday afternoon…
A new weekend has arrived, and today, you can save on Mario Kart World for…
This website uses cookies.