{"id":63186,"date":"2025-08-09T04:31:41","date_gmt":"2025-08-09T04:31:41","guid":{"rendered":""},"modified":"2025-09-28T06:48:29","modified_gmt":"2025-09-28T12:48:29","slug":"cve-2025-44961-os-command-injection-vulnerability-in-ruckus-smartzone-prior-to-6-1-2p3-refresh-build","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-44961-os-command-injection-vulnerability-in-ruckus-smartzone-prior-to-6-1-2p3-refresh-build\/","title":{"rendered":"CVE-2025-44961: OS Command Injection Vulnerability in RUCKUS SmartZone Prior to 6.1.2p3 Refresh Build<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In this post, we will be delving into the details of a high severity vulnerability, CVE-2025-44961, that affects RUCKUS SmartZone (SZ) versions before the 6.1.2p3 Refresh Build. This vulnerability allows authenticated users to perform an OS command injection via an IP address field. The consequences of successful exploitation could lead to a potential system compromise or data leakage, making this vulnerability a significant risk<\/a> to any organization using the affected versions of RUCKUS SmartZone.
\nThis vulnerability is particularly concerning due to the widespread usage of RUCKUS SmartZone<\/a> in managing Wi-Fi networks. As such, successful exploitation could have far-reaching implications for both network integrity and data security<\/a> within affected organizations.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-44961
\nSeverity: Critical (CVSS score 9.9)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n