CVE-2025-44954
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-08-07
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| commscope | ruckus_smartzone_firmware | to 6.1.2 (exc) |
| commscope | ruckus_smartzone_firmware | 6.1.2 |
| commscope | ruckus_smartzone_firmware | 6.1.2 |
| commscope | ruckus_smartzone_firmware | 6.1.2 |
| commscope | ruckus_smartzone_firmware | 7.0.0 |
| commscope | ruckus_smartzone_firmware | 7.1.0 |
| commscope | ruckus_virtual_smartzone | * |
| commscope | ruckus_virtual_smartzone-federal | * |
| commscope | ruckus_c110 | * |
| commscope | ruckus_e510 | * |
| commscope | ruckus_h320 | * |
| commscope | ruckus_h350 | * |
| commscope | ruckus_h510 | * |
| commscope | ruckus_m510 | * |
| commscope | ruckus_r320 | * |
| commscope | ruckus_r510 | * |
| commscope | ruckus_r560 | * |
| commscope | ruckus_r610 | * |
| commscope | ruckus_r710 | * |
| commscope | ruckus_r720 | * |
| commscope | ruckus_r730 | * |
| commscope | ruckus_r750 | * |
| commscope | ruckus_smartzone_100 | * |
| commscope | ruckus_smartzone_100-d | * |
| commscope | ruckus_smartzone_144 | * |
| commscope | ruckus_smartzone_144-federal | * |
| commscope | ruckus_smartzone_300 | * |
| commscope | ruckus_smartzone_300-federal | * |
| commscope | ruckus_t310c | * |
| commscope | ruckus_t310d | * |
| commscope | ruckus_t310n | * |
| commscope | ruckus_t310s | * |
| commscope | ruckus_t350se | * |
| commscope | ruckus_t750 | * |
| commscope | ruckus_t750se | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1394 | The product uses a default cryptographic key for potentially critical functionality. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-44954 is a critical vulnerability in Ruckus Networks' Virtual SmartZone (vSZ) product caused by hardcoded default RSA public and private SSH keys embedded in a root-equivalent user account. This allows an attacker who obtains the private key to remotely access the device via SSH without authentication, gaining root-level remote code execution. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker to gain unauthenticated root-level access to affected Ruckus devices, enabling them to execute arbitrary code remotely. This can lead to full compromise of the device, unauthorized control over network management, potential data breaches, and disruption of network services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of hardcoded default RSA private keys in the /home/$USER/.ssh/ directory of built-in user accounts with root-level privileges on Ruckus SmartZone devices. A suggested command to detect the private key file is: `ls -l /home/*/.ssh/` to look for suspicious or default key files. Additionally, you can attempt to identify SSH keys with known default fingerprints if available. Monitoring SSH login attempts using these keys or scanning for unauthorized SSH access to the device may also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the patches released by Ruckus Networks to address the hardcoded SSH private key vulnerability. Additionally, restrict access to wireless management environments using affected products by limiting management access to a trusted set of users and authenticated clients. Ensure that all management access is conducted over secure protocols such as HTTPS or SSH to reduce exposure. [1]