CVE-2025-69425
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruckus | vrioiot_controller | up to 3.0.0.0 (exclusive) |
| ruckus | vrioiot_controller | 2.4.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69425 is a critical vulnerability in Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA). It exposes a command execution service on TCP port 2004 that runs with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the device or a compromised appliance can generate valid authentication tokens and execute arbitrary operating system commands with root privileges, resulting in complete system compromise. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow a remote attacker to bypass authentication and access controls on the affected Ruckus IoT Controller, gaining shell access with root privileges. This means the attacker can execute any operating system command with full control over the device, potentially leading to complete system compromise, unauthorized access to sensitive data, disruption of services, and further attacks within the network. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by scanning your network for devices running Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 that have TCP port 2004 open. Since the vulnerable service runs on TCP port 2004 with root privileges, a simple network scan using a tool like nmap can help identify exposed devices. For example, you can run `nmap -p 2004 <target-ip-range>` to check for an open port 2004. Additionally, inspecting the device firmware version to confirm whether it is prior to 3.0.0.0 is necessary. However, no specific commands for authentication token testing or exploitation are provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Ruckus vRIoT IoT Controller firmware to a fixed version. The recommended stable software release addressing these vulnerabilities is RUCKUS IoT 2.4.0.0 (GA) vRIoT Server Software Release for HyperVisor, distributed as a .tar.gz upgrade image. Additionally, restricting network access to TCP port 2004 to trusted hosts only and monitoring for any suspicious activity on this port can help reduce risk until the upgrade is applied. [1]