{"id":63288,"date":"2025-08-09T06:32:12","date_gmt":"2025-08-09T06:32:12","guid":{"rendered":""},"modified":"2025-10-20T15:23:13","modified_gmt":"2025-10-20T21:23:13","slug":"cve-2025-44954-critical-vulnerability-in-ruckus-smartzone-due-to-hardcoded-ssh-private-key","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-44954-critical-vulnerability-in-ruckus-smartzone-due-to-hardcoded-ssh-private-key\/","title":{"rendered":"CVE-2025-44954: Critical Vulnerability in RUCKUS SmartZone Due to Hardcoded SSH Private Key<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In today’s interconnected world, cybersecurity vulnerabilities can pose significant threats to organizations and users alike. One such vulnerability has been discovered in RUCKUS SmartZone (SZ), a popular network management software platform that provides unified management for RUCKUS access points and switches. This vulnerability, identified as CVE-2025-44954, is of particular concern due to its potential for system<\/a> compromise or data leakage.
\nThe vulnerability arises from the presence of a hardcoded SSH private<\/a> key for a root-equivalent user account in versions of RUCKUS SmartZone before 6.1.2p3 Refresh Build. In essence, this means that an attacker could potentially gain unauthorized access<\/a> to these systems and execute commands with the highest level of privileges, potentially leading to serious data breaches or system compromises.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

– CVE ID: CVE-2025-44954
\n– Severity: Critical – CVSS Score 9.0
\n– Attack Vector: Network
\n– Privileges Required: None
\n– User Interaction: None
\n– Impact: System compromise and potential<\/a> data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n