
Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking

  • July 9, 2025

Jasper_The_Rasper
Moderator

Multiple vulnerabilities in Ruckus Wireless management products could be exploited to fully compromise the managed environments.

 

July 9, 2025 By Ionut Arghire

 

Ruckus Wireless Virtual SmartZone (vSZ) and Network Director (RND) products are affected by multiple vulnerabilities that could allow attackers to compromise managed environments.

Ruckus Wireless, now Ruckus Networks, is a provider of networking devices for venues with internet-connected systems, including hospitals, schools, and smart cities.

The company’s vSZ control software supports the management of large-scale networks – up to 10,000 Ruckus access points – while RND enables the management of multiple vSZ clusters.

A fresh alert from Carnegie Mellon University’s CERT Coordination Center (CERT/CC) draws attention to nine flaws that Claroty Team82 found in the two appliances, which could lead to authentication bypass, arbitrary file reads, and remote code execution (RCE).

The vSZ application contains multiple hardcoded secrets, including a JWT signing key and API keys, which could allow attackers to access the appliance with high privileges. The issue is tracked as CVE-2025-44957.

 
