CVE-2025-44955
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-11-03
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| commscope | ruckus_network_director | to 4.5.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-44955 is a vulnerability in RUCKUS Network Director (RND) before version 4.5 where a jailed environment meant to restrict user access contains a built-in jailbreak mechanism protected by a weak, hardcoded password. This password allows anyone who knows it to bypass normal restrictions and gain root-level access to the RND server, effectively compromising the entire system. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to a complete compromise of the affected RND system by allowing an attacker with knowledge of the hardcoded password to gain root-level access. This means the attacker can bypass all normal security controls, potentially leading to unauthorized configuration changes, data breaches, disruption of network management, and full administrative control over the system. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Apply the patches released by Ruckus Networks specific to the affected products. Restrict access to the wireless management environments using RUCKUS Network Director to a trusted set of users and authenticated clients. Use secure protocols such as HTTPS or SSH for management access. Follow best security practices to limit exposure and prevent unauthorized access. [1, 2]