Date: 2025-07-10
Vulnerability Management, Network Security

Total network compromise likely with unpatched Ruckus flaws

Threat actors could leverage nine unpatched vulnerabilities impacting Ruckus Wireless Virtual SmartZone and Ruckus Network Director instances to facilitate the complete compromise of networks belonging to enterprises and major public organizations that commonly use the offerings to support their Wi-Fi infrastructure, according to BleepingComputer.

Ruckus Wireless vSZ is affected by a hardcoded default public/private SSH key issue, tracked as CVE-2025-44954; a hardcoded secrets flaw, tracked as CVE-2025-44957; an API route bug, tracked as CVE-2025-44960; a command injection vulnerability, tracked as CVE-2025-44961; and a path traversal defect, tracked as CVE-2025-44962. RND, on the other hand, is affected by flaws involving a jailed environment with a built-in jailbreak, stored password encryption with weak secret keys, a hardcoded backend JWT secret key, and a root-privileged user with hardcoded SSH keys, tracked as CVE-2025-44955, CVE-2025-44958, CVE-2025-44963, and CVE-2025-6243, respectively. "...[M]ultiple vulnerabilities can be chained to create chained attacks that can allow the attacker to combine attacks to bypass any security controls that prevent only specific attacks," said CERT/CC.

