Overview
CVE: CVE-2025-44961, CVE-2025-44954, CVE-2025-44963
Severity: Critical
Score: CVSS 9.9 (44961), CVSS 9.0 (44954, 44963)
Date: 5 August 2025
RUCKUS has disclosed three critical vulnerabilities in its SmartZone (SZ) and Network Director (RND) management platforms, creating a risk of complete system compromise. The flaws, which include command injection, a hardcoded SSH key, and JWT authentication bypass, can grant an attacker full administrative control and arbitrary code execution.
Affected Versions
- RUCKUS SmartZone: All versions before 6.1.2p3 Refresh Build
- RUCKUS Network Director: All versions before 4.5
Vulnerability Breakdown
CVE-2025-44961 (SmartZone)
- Description: An OS command injection vulnerability exists in an IP address field.
- Score: CVSS 9.9 (Critical)
- Impact: An authenticated administrator can execute arbitrary commands as the root user, leading to a complete system takeover.
- Risk: This allows a user with credentials to gain full control of the appliance.
CVE-2025-44954 (SmartZone)
- Description: The system contains a hardcoded SSH private key for a root-equivalent user.
- Score: CVSS 9.0 (Critical)
- Impact: An attacker in possession of this hardcoded private key could gain root-level SSH access to the appliance, bypassing standard authentication.
- Risk: The primary risk lies in the potential for this static key to be extracted from firmware and used in widespread attacks.
CVE-2025-44963 (Network Director)
- Description: The system uses a hardcoded secret key for signing administrator JSON Web Tokens (JWT).
- Score: CVSS 9.0 (Critical)
- Impact: An attacker who knows the hardcoded secret can forge a valid JWT, bypassing authentication entirely and gaining full administrative privileges.
- Risk: This allows for a complete and stealthy takeover of the Network Director platform if the secret key becomes known.
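To show the weakness behind CVE-2025-44963 from a defensive angle, the following is an added example (not RUCKUS code) using only Python's standard library: an HS256 verifier that relies on a build-wide hardcoded secret, beside one that uses a secret generated per deployment, plus a check that flags tokens which still validate under the retired constant. The secret value and the RND_JWT_SECRET variable name are placeholders, not values from the product.

```python
import base64, hashlib, hmac, json, os, secrets

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Mint a compact HS256 JWT over `claims` with the given secret."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_jwt(token: str, secret: bytes):
    """Return the claims if the HS256 signature is valid under `secret`, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None  # the token never gets to choose the algorithm
        expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        return json.loads(_b64url_decode(payload))
    except ValueError:  # malformed base64 or JSON
        return None

# Vulnerable pattern: one constant compiled into every shipped build, so anyone
# who recovers it from one installation can mint admin tokens for all of them.
HARDCODED_SECRET = b"placeholder-build-time-secret"  # constructed placeholder, not the real value

def verify_admin_vulnerable(token: str):
    return verify_jwt(token, HARDCODED_SECRET)

# Hardened pattern: a secret generated at install time and kept outside the code base.
def new_deployment_secret() -> bytes:
    return secrets.token_bytes(32)

def load_deployment_secret() -> bytes:
    value = os.environ.get("RND_JWT_SECRET")  # hypothetical variable name
    if not value:
        raise RuntimeError("JWT secret not provisioned; refusing to start")
    return value.encode()

def verify_admin_hardened(token: str, secret: bytes):
    return verify_jwt(token, secret)

def token_signed_with_legacy_secret(token: str) -> bool:
    """Audit aid: after the secret is rotated, any token that still validates
    under the old constant was minted by someone holding that constant."""
    return verify_jwt(token, HARDCODED_SECRET) is not None
```

Running the legacy check over tokens seen in web-server logs after the upgrade gives a concrete signal for the audit step in the mitigation section.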
Mitigation
- RUCKUS SmartZone: Immediately upgrade all controllers to version 6.1.2p3 Refresh Build or a later version.
- RUCKUS Network Director: Immediately upgrade to version 4.5 or a later version.
- As a compensating control, strictly limit access to the web and SSH management interfaces of all Ruckus controllers. Ensure they are only reachable from trusted internal networks and dedicated management subnets.
Summary for IT Teams
- Products: RUCKUS SmartZone and Network Director
- Threat Level: Critical
- Action:
  - Upgrade SZ controllers to 6.1.2p3 Refresh Build or newer.
  - Upgrade RND instances to version 4.5 or newer.
  - Isolate management interfaces from all untrusted networks.
  - Audit the systems for any signs of unauthorised access or configuration changes.
Need Help?
If your organisation requires assistance identifying affected systems, applying updates or adjusting controller configurations, our team is here to help. Email us via soc@secure-iss.com for assistance.