CVE-2025-69426
CRITICALRuckus vRIoT IoT Controller <3.0.0.0 - Privilege Escalation
Title source: llmDescription
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise.
References (2)
Core 2
Core References
Various Sources vendor-advisory
patch
https://support.ruckuswireless.com/security_bulletins/336
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/ruckus-vriot-iot-controller-hardcoded-ssh-credentials-rce
Scores
CVSS v4
10.0
EPSS
0.0039
EPSS Percentile
30.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-732
CWE-798
Status
published
Products (3)
RUCKUS Networks/vRIoT IOT Controller
2.3.0.0 (GA) - 3.0.0.0 (GA)
RUCKUS Networks/vRIoT IOT Controller
2.3.1.0 (MR) - 3.0.0.0 (GA)
RUCKUS Networks/vRIoT IOT Controller
2.4.0.0 (GA) - 3.0.0.0 (GA)
Published
Jan 09, 2026
Tracked Since
Feb 18, 2026