Detections
Analytics

CVE-2025-44954

No Score

Description

Unauthenticated RCE in SSH due to Hardcoded Default Public/Private Keys (CWE-1394: Use of Default Cryptographic Key). Ruckus vSZ has a built-in user with all of the same privileges as root. This user also has default public and private RSA keys in its /home/$USER/.ssh/ directory. Anyone with a Ruckus device would also have this private key and be able to ssh as this and then have root-level permissions.

References

https://www.helpnetsecurity.com/2025/07/10/ruckus-network-management-solutions-riddled-with-unpatched-vulnerabilities/

https://www.securityweek.com/unpatched-ruckus-vulnerabilities-allow-wireless-environment-hacking/

https://www.bleepingcomputer.com/news/security/ruckus-networks-leaves-severe-flaws-unpatched-in-management-devices/

https://kb.cert.org/vuls/id/613753

Details

Source: Mitre, NVD

Published: 2025-07-10