- Security researchers found nine flaws across two Ruckus products
- The flaws are not yet patched, so users have to protect themselves
- Users are advised to limit access to the wireless management environments
Nine vulnerabilities have been found in two Ruckus Networks products, and they could be abused to take full control of the network environments those products manage.
Ruckus Networks (formerly Ruckus Wireless) is a networking equipment vendor whose products include Virtual SmartZone (vSZ) and Ruckus Network Director (RND).
vSZ is a virtualized wireless LAN controller that manages Ruckus access points and switches. It is typically used by mid-sized to large organizations for centralized control, scalability and advanced Wi-Fi management features. RND, on the other hand, is a centralized network management platform used for deployment, monitoring and maintenance of large-scale Ruckus wired and wireless networks.
Significant disruption
At the time of writing, the vulnerabilities remain unpatched and put countless companies at risk.
According to Noam Moshe from Claroty's research arm Team82, the nine vulnerabilities are:
- CVE-2025-44957: hard-coded secrets in vSZ allow authentication bypass and administrator-level access using crafted HTTP headers and valid API keys
- CVE-2025-44962: path traversal in vSZ that allows arbitrary file reads for authenticated users
- CVE-2025-44954: vSZ ships hard-coded default public/private SSH keys that allow anyone to connect to vulnerable devices with root access
- CVE-2025-44960: vSZ has an API route with an unsanitized user-controlled parameter, allowing execution of arbitrary operating system commands
- CVE-2025-44961: a command in vSZ allows an authenticated user to pass an unsanitized IP address into an OS command
- CVE-2025-44963: RND uses a hard-coded backend JWT secret key, so anyone who has it can forge valid admin session tokens
- CVE-2025-44955: RND includes a "jailed" environment with a built-in jailbreak that uses a weak, hard-coded password to gain root access
- CVE-2025-6243: RND includes a root-privileged user (sshuser) with hard-coded public/private SSH keys allowing root access
- CVE-2025-44958: RND encrypts stored passwords with a hard-coded weak secret key and can return them in plaintext if it is compromised
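Several of the entries above are variations of one mistake: a signing or encryption secret that is identical in every installation. The example below, added here and not code from Ruckus or from the advisory, shows why a hard-coded HS256 JWT secret (the class of bug described for CVE-2025-44963) is equivalent to handing out admin sessions: anyone who extracts the constant can mint a token the server verifies as genuine. The secret value, the claim names and the `per_install_secret` fix are all constructed for the demo; only Python's standard library is used, and the JWT encoding is implemented inline so the mechanics are visible.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional
import time

# Hypothetical secret baked into the application at build time. Constructed for
# this demo; it is not a key from any real product.
HARDCODED_SECRET = b"build-time-secret-shipped-in-every-install"


def b64url(data: bytes) -> str:
    """JWT-style base64url without '=' padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Produce a JWT signed with HMAC-SHA256 (the HS256 algorithm)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(signature)}"


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the HS256 signature is valid and the token is unexpired, else None.
    Tokens without an 'exp' claim are rejected (a policy choice for this demo)."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, signature = parts
    try:
        expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(signature)):
            return None
        header_obj = json.loads(b64url_decode(header))
        claims = json.loads(b64url_decode(payload))
    except ValueError:  # bad base64 (binascii.Error), bad UTF-8, or bad JSON
        return None
    if not isinstance(header_obj, dict) or header_obj.get("alg") != "HS256":
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) < time.time():
        return None
    return claims


def forge_admin_token(known_secret: bytes) -> str:
    """What an attacker does once the signing secret is known: sign their own admin claims.
    No credentials and no login flow are involved; the secret is the whole trust anchor."""
    claims = {"sub": "attacker", "role": "admin", "exp": int(time.time()) + 3600}
    return sign_hs256(claims, known_secret)


def server_grants_admin(token: str, secret: bytes) -> bool:
    """Server-side check: does this token get administrator access?"""
    claims = verify_hs256(token, secret)
    return claims is not None and claims.get("role") == "admin"


def per_install_secret() -> bytes:
    """Hardened form: a random secret generated at install or first boot and stored outside
    the code, so a leaked binary or source tree yields nothing usable against other installs."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    forged = forge_admin_token(HARDCODED_SECRET)
    print("forged token accepted with shipped secret:", server_grants_admin(forged, HARDCODED_SECRET))
    print("forged token accepted with per-install secret:", server_grants_admin(forged, per_install_secret()))
```

The point of the second print is that rotating to a per-install secret does not require changing the token format or the verifier at all; the only thing that was wrong was where the secret came from. A practical check during a review of any product that issues JWTs is therefore simple: locate the verifier, follow the secret back to its origin, and confirm that origin is runtime storage rather than a string literal in the code or firmware image.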
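The two command-injection entries (CVE-2025-44960 and CVE-2025-44961) describe a user-supplied value, in one case an IP address, reaching an operating system command without sanitization. The following Python example is added here to illustrate that bug class and its fix; it is not code from the affected products. It uses `echo` in place of whatever network utility the real code invokes, so it runs on any host with `/bin/sh`, and the attacker input is constructed for the demo. The fix is not escaping: it is allow-list validation with the standard `ipaddress` module plus an argv list passed to `subprocess` without a shell, so the address is never re-parsed as shell syntax.

```python
import ipaddress
import subprocess
from typing import List, Optional

# Constructed attacker input: a plausible address followed by an extra shell command.
INJECTED_INPUT = "192.0.2.10; echo INJECTED"


def vulnerable_command(ip: str) -> str:
    """The bug class: user input concatenated into a shell command string."""
    return "echo probing " + ip


def run_vulnerable(ip: str) -> str:
    # shell=True hands the whole string to /bin/sh, so ';', '|' and '$(...)' in the
    # "IP address" are interpreted as shell syntax, not as part of the argument.
    result = subprocess.run(vulnerable_command(ip), shell=True, capture_output=True, text=True)
    return result.stdout


def validate_ip(value: str) -> Optional[str]:
    """Allow-list validation: accept only a syntactically valid IPv4 or IPv6 address and
    return it in canonical form. Anything else is rejected outright rather than escaped."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def hardened_argv(ip: str) -> List[str]:
    """Build the command as an argv list; the validated address is exactly one argument."""
    addr = validate_ip(ip)
    if addr is None:
        raise ValueError(f"rejected input: {ip!r}")
    return ["echo", "probing", addr]


def run_hardened(ip: str) -> str:
    # No shell involved: the process receives argv directly, so there is nothing to inject into.
    result = subprocess.run(hardened_argv(ip), capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    print("vulnerable output:", repr(run_vulnerable(INJECTED_INPUT)))   # contains INJECTED
    print("hardened output:  ", repr(run_hardened("192.0.2.10")))
    try:
        run_hardened(INJECTED_INPUT)
    except ValueError as exc:
        print("hardened rejected:", exc)
```

Note that canonicalising through `ipaddress` also closes off the subtler variants: leading whitespace, mixed-case IPv6, or an address with a trailing newline all come out as one clean token or are rejected, which is what you want before the value is logged, compared against an allow-list, or handed to another subsystem.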
Moshe reported his findings to Carnegie Mellon University's CERT Coordination Center (CERT/CC), which confirmed that the flaws can be abused to cause significant disruption to businesses.
"The impact of these vulnerabilities varies from information leakage to total compromise of the wireless environment controlled by the affected products. As an example, an attacker with network access to Ruckus Wireless vSZ can utilize CVE-2025-44954 to gain full administrator access, which will lead to the total compromise of the vSZ wireless management environment."
"In addition, several vulnerabilities may be chained to create chain attacks that can allow the attacker to combine attacks to bypass all security checks that prevent only specific attacks."
Severity scores have not yet been assigned, and Ruckus has not yet released a patch.
Therefore, to mitigate the risk, CERT/CC advises network administrators to limit access to the wireless management environments that use the affected products, restricting management of the Ruckus infrastructure to a limited set of trusted users and their authenticated clients over a secure protocol.
Via BleepingComputer