Detections
Analytics

CVE-2025-44957

No Score

Description

Hardcoded Secrets, including JWT Signing Key, API keys in Code (CWE-287: Improper Authentication). Multiple secrets are hardcoded into the vSZ application, making them vulnerable to access thus allowing elevated privileges. Using HTTP headers and a valid API key, it is possible to logically bypass the authentication methods, providing administrator-level access to anyone that does this.

References

https://www.helpnetsecurity.com/2025/07/10/ruckus-network-management-solutions-riddled-with-unpatched-vulnerabilities/

https://www.securityweek.com/unpatched-ruckus-vulnerabilities-allow-wireless-environment-hacking/

https://www.bleepingcomputer.com/news/security/ruckus-networks-leaves-severe-flaws-unpatched-in-management-devices/

https://kb.cert.org/vuls/id/613753

Details

Source: Mitre, NVD

Published: 2025-07-10