Ruckus Networks security flaws left unpatched, putting thousands of devices at risk

• Security researchers found nine flaws across two Ruckus products
• The flaws have not yet been patched, so users should beware
• Users advised to limit access to the wireless management environments

Almost a dozen vulnerabilities have been found in two Ruckus Networks products which could be abused to take full control over the network environments they operate in.

Ruckus Networks (formerly Ruckus Wireless) is a networking gear manufacturer, whose products include Virtual Smart Zone (vSZ) and Ruckus Network Director (RND).

VSZ is a virtualized network controller that manages Ruckus access points and switches. It is usually used by medium to large enterprises for centralized control, scalability, and advanced Wi-Fi management features. RND, on the other hand, is a centralized network management platform used for deployment, monitoring, and maintenance of large-scale Ruckus wired and wireless networks.

Meaningful disruption

At press time, the vulnerabilities remain unpatched, putting countless businesses at risk.

According to Noam Moshe from Claroty’s research arm Team82, these two carried nine vulnerabilities:

• CVE-2025-44957 – hardcoded secrets in vSZ that allow bypassing authentication and admin-level access using crafted HTTP headers and valid API keys
• CVE-2025-44962 – path traversal in vSZ that allows arbitrary file reads for authenticated users
• CVE-2025-44954 – vSZ has hardcoded default public/private SSH keys that allows anyone to connect to vulnerable devices with root access
• CVE-2025-44960 – vSZ has an API route with a user-controlled parameter that isn't sanitized, allowing execution of arbitrary operating system commands
• CVE-2025-44961 – command injection in vSZ allows an authenticated user to supply an unsanitized IP address to an OS command
• CVE-2025-44963 – RND uses a hardcoded backend JWT secret key, allowing anyone with it to forge valid admin session tokens
• CVE-2025-44955 – RND includes a "jailed" environment with a built-in jailbreak using a weak, hardcoded password to gain root access
• CVE-2025-6243 – RND includes a root-privileged user (sshuser) with hardcoded public/private SSH keys that allow root access
• CVE-2025-44958 – RND encrypts stored passwords with a hardcoded weak secret key and can return them in plaintext if compromised

Moshe reported his findings to Carnegie Mellon University’s CERT Coordination Center (CERT/CC), who confirmed that the flaws can be abused to cause meaningful disruption to businesses.

“Impact of these vulnerabilities vary from information leakage to total compromise of the wireless environment managed by the affected products. As an example, an attacker with network access to Ruckus Wireless vSZ can exploit CVE-2025-44954 to gain full administrator access that will lead to total compromise of the vSZ wireless management environment,” the organization explained.

“Furthermore, multiple vulnerabilities can be chained to create chained attacks that can allow the attacker to combine attacks to bypass any security controls that prevent only specific attacks.”

Severity scores have not yet been assigned, and Ruckus has not yet come forward with a patch.

Therefore, to mitigate the risk, CERT/CC advises network admins to limit access to the wireless management environments using the affected products, allowing a limited set of trusted users and their authenticated clients to manage Ruckus infrastructure through a secure protocol.

Via BleepingComputer

You might also like

• Sony, JBL and Bose headphones all affected by major Bluetooth security flaw which could let hackers spy on you via microphone
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers