CVE-2025-44954
Published: 04 August 2025
Summary
CVE-2025-44954 is a critical-severity Use of Default Cryptographic Key (CWE-1394) vulnerability in CommScope RUCKUS SmartZone firmware. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 42.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23526
Vulnerability details
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The hardcoded SSH private key for a root-equivalent account enables unauthenticated remote access over SSH using default credentials.
Affected Assets