CVE-2025-44954

9.0 CRITICAL

📋 TL;DR

RUCKUS SmartZone network controllers before version 6.1.2p3 Refresh Build contain a hardcoded SSH private key for a root-equivalent account, allowing attackers with network access to authenticate as root without credentials. This affects all organizations running vulnerable SmartZone software versions. The vulnerability enables complete system compromise.

💻 Affected Systems

Products:
  • RUCKUS SmartZone (SZ) network controllers
Versions: All versions before 6.1.2p3 Refresh Build
Operating Systems: RUCKUS SmartZone OS
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with root access, allowing installation of persistent backdoors, data exfiltration, network pivoting, and disruption of wireless network services.

🟠 Likely Case

Unauthorized root access leading to configuration changes, credential harvesting, and lateral movement within the network infrastructure.

🟢 If Mitigated

Limited impact if network segmentation restricts access to management interfaces and SSH is disabled on external interfaces.

🌐 Internet-Facing: HIGH - If management interfaces are exposed to the internet, attackers can directly exploit this without internal access.
🏢 Internal Only: HIGH - Even internally, any user with network access to the management interface can gain root privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only the hardcoded private key and SSH access to the management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.1.2p3 Refresh Build or later

Vendor Advisory: https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e

Restart Required: Yes

Instructions:

1. Download the patch from RUCKUS support portal.
2. Backup current configuration.
3. Apply the patch following vendor instructions.
4. Restart the SmartZone controller.
5. Verify SSH keys have been regenerated.

🔧 Temporary Workarounds

Disable SSH access

Disable SSH service on management interfaces to prevent exploitation

# Disable SSH service
systemctl stop sshd
systemctl disable sshd

Network segmentation

Restrict network access to SmartZone management interfaces using firewall rules

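# Example iptables rules to restrict SSH access
# trusted_network is a placeholder: replace it with the management subnet (CIDR) allowed to reach SSH
iptables -A INPUT -p tcp --dport 22 -s trusted_network -j ACCEPT
# Drop SSH from every other source (rule order matters: ACCEPT must come first)
iptables -A INPUT -p tcp --dport 22 -j DROP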

🧯 If You Can't Patch

  • Isolate SmartZone controllers from untrusted networks using firewall rules
  • Implement strict network segmentation and monitor for SSH authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check the SSH authorized_keys file for the hardcoded public key, or check whether the version is below 6.1.2p3 Refresh Build

Check Version:

show version | grep "SmartZone"

Verify Fix Applied:

Verify version is 6.1.2p3 Refresh Build or later and check that SSH keys have been regenerated

📡 Detection & Monitoring

Log Indicators:

  • SSH authentication attempts using the hardcoded key
  • Unexpected root login events
  • Configuration changes from unknown sources

Network Indicators:

  • SSH connections to SmartZone management interfaces from unexpected sources
  • Unusual outbound connections from SmartZone controllers

SIEM Query:

source="smartzone" AND ((event="ssh_login" AND user="root") OR (event="configuration_change" AND actor!="authorized_user"))
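
The authorized_keys check under "How to Verify" and the root-login log indicators above can be combined in one script. This is an added example, not vendor or original page code. It assumes standard OpenSSH sshd log wording; the key, fingerprints, addresses and log lines are constructed, and the fingerprint to watch for is not given on this page and must be supplied by the operator.

```python
import base64, hashlib, ipaddress, re

# Assumption: standard OpenSSH sshd wording for an accepted key login.
ACCEPT = re.compile(
    r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def fingerprint(authorized_keys_line):
    """SHA256 fingerprint of one authorized_keys entry, as ssh-keygen -l prints it."""
    fields = authorized_keys_line.split()
    # Locate the key type; simple options may precede it on the line.
    i = next(n for n, f in enumerate(fields) if f.startswith(KEY_TYPES))
    digest = hashlib.sha256(base64.b64decode(fields[i + 1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def flag_root_logins(log_lines, trusted_nets, watched_fps):
    """Return (source, fingerprint, reasons) for suspicious root key logins."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in log_lines:
        m = ACCEPT.search(line)
        if not m or m.group(1) != "root":
            continue
        src, fp = ipaddress.ip_address(m.group(2)), m.group(3)
        reasons = []
        if fp in watched_fps:
            reasons.append("watched-key")        # login used the key being hunted
        if not any(src in net for net in nets):
            reasons.append("untrusted-source")   # outside the management subnets
        if reasons:
            findings.append((str(src), fp, reasons))
    return findings

# Constructed sample data: the blob is not a real key, the lines are not real logs.
SAMPLE_KEY = ("ssh-rsa "
              + base64.b64encode(b"constructed-not-a-real-key").decode()
              + " placeholder")
FP = fingerprint(SAMPLE_KEY)
PREFIX = "Jul 10 03:12:44 sz sshd[811]: Accepted publickey for "
SAMPLE_LOG = [
    PREFIX + "root from 203.0.113.7 port 50122 ssh2: RSA " + FP,
    PREFIX + "root from 10.20.0.5 port 40110 ssh2: RSA SHA256:" + "A" * 43,
    PREFIX + "admin from 198.51.100.9 port 40999 ssh2: RSA SHA256:" + "B" * 43,
    PREFIX + "root from 10.20.0.9 port 41000 ssh2: RSA " + FP,
]

if __name__ == "__main__":
    for finding in flag_root_logins(SAMPLE_LOG, ["10.20.0.0/24"], {FP}):
        print(finding)
```

A root login that uses the watched key is flagged even when it comes from a trusted subnet, since a shared hardcoded key cannot identify who is connecting.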
