CVE-2025-44954

CVSS 9 CRITICAL · EPSS 0.7% · CWE-1394
In short

RUCKUS SmartZone versions before 6.1.2p3 contain a hardcoded SSH private key embedded in the system that allows anyone with access to the software to log in as a root-level user. This is critical because attackers can gain complete control over the network device without needing valid credentials.

Technical detail

A hardcoded SSH private key exists for a privileged user account in RUCKUS SmartZone prior to 6.1.2p3 Refresh Build. An attacker who has network access or who obtains the software binary can extract the private key and establish authenticated SSH sessions with root-equivalent privileges, achieving complete system compromise without any authentication bypass technique.

Summary generated and translated by AI from the official description.
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
RUCKUS · SmartZone
