CVE-2025-44961

CriticalRCE

Published: 04 August 2025

Published

04 August 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0039 60.2th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-44961 is a critical-severity OS Command Injection (CWE-78) vulnerability in Commscope Ruckus Smartzone Firmware. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 39.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 directly prevents OS command injection by requiring validation of user-supplied IP address inputs to reject malicious command sequences.

SI-2 Flaw Remediation good match

prevent

SI-2 ensures timely remediation of the specific command injection flaw through vendor patching to versions like 6.1.2p3 Refresh Build.

AC-6 Least Privilege partial match

prevent

AC-6 limits the potential impact of command injection by enforcing least privilege on the process handling the vulnerable IP address field.

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

The vulnerability enables authenticated remote code execution via OS command injection in an unsanitized IP address field, abusing command and scripting interpreters (T1059) and exploiting remote management services (T1210).

NVD Description

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.

Deeper analysisAI

CVE-2025-44961 is an OS command injection vulnerability (CWE-78) affecting RUCKUS SmartZone (SZ) controllers in versions before 6.1.2p3 Refresh Build. The flaw arises when an authenticated user supplies a malicious IP address field, enabling arbitrary operating system command execution. It carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and potential for high-impact disruption across confidentiality, integrity, and availability with a change in scope.

An attacker with low-privilege authenticated access to the RUCKUS SmartZone interface can exploit this vulnerability remotely over the network without user interaction. By injecting commands into the IP address field, they can achieve remote code execution, potentially leading to full system compromise, data exfiltration, service disruption, or further lateral movement within the network.

Mitigation guidance is available in vendor and third-party advisories, including CommScope's security advisory (ID 20250710), CERT/CC vulnerability note VU#613753, and Claroty's Team82 disclosure. Affected systems should be upgraded to RUCKUS SmartZone 6.1.2p3 Refresh Build or later to address the issue.