CVE-2025-44963

Critical

Published: 04 August 2025

Published

04 August 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0011 28.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-44963 is a critical-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Commscope Ruckus Network Director. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-12 (Cryptographic Key Establishment and Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-12 Cryptographic Key Establishment and Management good match

prevent

Establishes and manages cryptographic keys in accordance with defined requirements, directly preventing the use of hardcoded secret keys for JWT signing and verification.

SI-2 Flaw Remediation good match

prevent

Requires organizations to identify, report, and correct flaws like hardcoded cryptographic keys, enabling timely patching to remediate this CVE.

IA-5 Authenticator Management good match

prevent

Manages system authenticators including cryptographic secrets for JWTs to ensure they are securely generated, distributed, and protected against hardcoding.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1606 Forge Web Credentials Credential Access

Adversaries may forge credential materials that can be used to gain access to web applications or Internet services.

attack.mitre.org →

Why these techniques?

Hardcoded JWT secret key enables forging administrator tokens for authentication bypass (T1606) via exploitation of the public-facing web management application (T1190).

NVD Description

RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.

Deeper analysisAI

CVE-2025-44963 is a critical vulnerability in RUCKUS Network Director (RND) versions prior to 4.5 that enables attackers to spoof administrator JSON Web Tokens (JWTs) by exploiting a hardcoded secret key value. Assigned CWE-321 (Use of Hard-coded Cryptographic Key), it carries a CVSS v3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), reflecting high confidentiality, integrity, and availability impacts with changed scope.

An unauthenticated attacker accessible over the network can exploit this flaw if they know the hardcoded secret key, which has a high attack complexity but requires no user interaction or privileges. Successful exploitation allows forging valid administrator JWTs, potentially granting full administrative control over the RND instance and enabling arbitrary actions such as data exfiltration, configuration changes, or service disruption.

Mitigation involves upgrading to RUCKUS Network Director 4.5 or later, as indicated by the vulnerability's affected version scope. Detailed advisories are available from Claroty's Team82 disclosure dashboard (https://claroty.com/team82/disclosure-dashboard/cve-2025-44963), CERT/CC vulnerability notes (https://kb.cert.org/vuls/id/613753), and CommScope's security advisory FAQ (https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e).