CVE-2025-44963

CRITICAL

RUCKUS Network Director <4.5 - Auth Bypass

Title source: llm

Description

RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.

References (4)

[Third Party Advisory] https://claroty.com/team82/disclosure-dashboard/cve-2025-44963

[Third Party Advisory] https://kb.cert.org/vuls/id/613753

[Vendor Advisory] https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/613753

Scores

CVSS v3 9.0

EPSS 0.0011

EPSS Percentile 28.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-321

Status published

Products (1)

commscope/ruckus_network_director < 4.5.0.0

Published Aug 04, 2025

Tracked Since Feb 18, 2026