Detections
Analytics

CVE-2025-44960

No Score

Description

Remote Code Execution (CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). A parameter in a vSZ API route is user-controlled and not sanitized before being executed in an OS command. An attacker could supply a malicious payload to result in code execution.

References

https://www.helpnetsecurity.com/2025/07/10/ruckus-network-management-solutions-riddled-with-unpatched-vulnerabilities/

https://www.securityweek.com/unpatched-ruckus-vulnerabilities-allow-wireless-environment-hacking/

https://www.bleepingcomputer.com/news/security/ruckus-networks-leaves-severe-flaws-unpatched-in-management-devices/

https://kb.cert.org/vuls/id/613753

Details

Source: Mitre, NVD

Published: 2025-07-10