CVE-2025-44963

No Score

Description

Hardcoded Secrets, including JWT token (CWE-321: Use of Hard-coded Cryptographic Key). RND uses a secret key on the backend web server to ensure that session JWTs are valid. This secret key is hardcoded into the web server. Anyone with knowledge of the secret key could create a valid JWT, thus bypassing the typical authentication to access the server with administrator privileges.
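The remediation for this weakness class (CWE-321), as an added example that is not code from the affected product: the HS256 key is loaded per installation, and a key that ships inside the code is refused at startup. `SHIPPED_DEFAULT_KEY`, the `JWT_SIGNING_KEY` variable and the function names are assumptions; all keys and claims are constructed.

```python
import base64, hashlib, hmac, json, os, secrets

# Constructed stand-in for a key compiled into every install (not the product's real key).
SHIPPED_DEFAULT_KEY = b"example-built-in-key-shared-by-all-installs"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def load_signing_key(env=os.environ) -> bytes:
    """Load the per-install key; refuse a missing, short or shipped-in-code key."""
    key = env.get("JWT_SIGNING_KEY", "").encode()
    if len(key) < 32:
        raise RuntimeError("JWT_SIGNING_KEY must be set to at least 32 bytes")
    if hmac.compare_digest(key, SHIPPED_DEFAULT_KEY):
        raise RuntimeError("JWT_SIGNING_KEY is the built-in default; generate a new one")
    return key

def sign(claims: dict, key: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(mac)}"

def verify(token: str, key: bytes):
    """Return the claims if the HS256 signature verifies under key, else None."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(body))
    except (ValueError, AttributeError):
        return None

def demo():
    # A token signed with the shared key verifies wherever that key is in use,
    # and is rejected once the installation has its own random key.
    key = load_signing_key({"JWT_SIGNING_KEY": secrets.token_urlsafe(48)})
    claims = {"sub": "admin", "role": "administrator"}
    shared = sign(claims, SHIPPED_DEFAULT_KEY)
    return verify(shared, SHIPPED_DEFAULT_KEY), verify(shared, key), verify(sign(claims, key), key)

if __name__ == "__main__":
    print(demo())
```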

Details

Source: Mitre, NVD

Published: 2025-07-10