Cyber Posture

CVE-2025-67304

Critical · Public PoC

Published: 19 February 2026
Modified: 03 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (32.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-67304 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Commscope Ruckus Network Director. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 32.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 4 other techniques.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: IA-5 mandates proper management of authenticators, explicitly prohibiting hardcoded or default credentials like those for the ruckus PostgreSQL database user.

Prevent: SC-7 requires boundary protection to monitor and control communications, blocking remote network access to the exposed PostgreSQL service on TCP port 5432.

Prevent: CM-7 enforces least functionality by prohibiting or restricting unnecessary ports, protocols, and services such as the default exposure of PostgreSQL on TCP 5432.
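
One way to check a PostgreSQL host for the exposure that SC-7 and CM-7 address, shown as an added example that is not from the vendor or either advisory: it reads the standard `postgresql.conf` and `pg_hba.conf` formats and reports rules that admit the ruckus role from non-loopback sources. The sample files and the `rnd` database name are constructed for illustration and are not the appliance's real configuration.

```python
import ipaddress
import re

ROLE = "ruckus"  # database user named in the CVE description
LOOP = {4: ipaddress.ip_network("127.0.0.0/8"), 6: ipaddress.ip_network("::1/128")}

def listens_remotely(conf_text):
    """True if postgresql.conf binds the server to more than loopback."""
    value = "localhost"  # PostgreSQL's default when the setting is absent
    for line in conf_text.splitlines():
        m = re.match(r"listen_addresses\s*=?\s*'?([^']*)'?\s*$", line.split("#")[0].strip())
        if m:
            value = m.group(1)  # the last occurrence in the file wins
    addrs = [a.strip() for a in value.split(",") if a.strip()]
    return any(a not in ("localhost", "127.0.0.1", "::1") for a in addrs)

def is_loopback(addr, nxt):
    """Classify a pg_hba.conf address field (CIDR or 'address mask' form)."""
    try:
        net = ipaddress.ip_network(addr if "/" in addr else f"{addr}/{nxt}", strict=False)
    except ValueError:
        return addr == "samehost"  # 'all', 'samenet', hostnames count as remote
    return net.subnet_of(LOOP[net.version])

def remote_rules(hba_text, role=ROLE):
    """Host rules admitting `role` from non-loopback sources (+group/@file not expanded)."""
    hits = []
    for raw in hba_text.splitlines():
        f = raw.split("#")[0].split()
        if len(f) < 5 or not f[0].startswith("host"):
            continue
        users = f[2].split(",")
        if ("all" in users or role in users) and not is_loopback(f[3], f[4]):
            hits.append(" ".join(f))
    return hits

def exposed(conf_text, hba_text):
    """Both conditions from the description hold: network listener and a remote rule."""
    return listens_remotely(conf_text) and bool(remote_rules(hba_text))

# Constructed sample files, not copied from the appliance ("rnd" is a made-up database name)
SAMPLE_CONF = "listen_addresses = '*'   # constructed\nport = 5432\n"
SAMPLE_HBA = """\
local all  all                        peer
host  all  ruckus    127.0.0.1/32     md5
host  all  ruckus    0.0.0.0/0        md5
host  rnd  all       10.0.0.0 255.0.0.0 md5
host  all  postgres  ::1/128          md5
"""
```

A clean result here only shows that the listener and access rules are restricted; the hardcoded credential itself is removed by the upgrade to 4.5.0.54 or later.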

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1078.001 · Default Accounts · Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1059.004 · Unix Shell · Execution
Adversaries may abuse Unix shell commands and scripts for execution.

T1003 · OS Credential Dumping · Credential Access
Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password.

T1136.001 · Local Account · Persistence
Adversaries may create a local account to maintain access to victim systems.

Why these techniques?

Hardcoded credentials enable default account abuse (T1078.001) and public-facing service exploitation (T1190); DB superuser access facilitates OS command execution (T1059.004), credential dumping (T1003), and local admin account creation (T1136.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.

Deeper analysis · AI

CVE-2025-67304 is a critical vulnerability in Ruckus Network Director (RND) versions prior to 4.5.0.54, specifically affecting the OVA appliance deployment. It stems from hardcoded credentials (CWE-798) for the "ruckus" PostgreSQL database user. In the default configuration, the PostgreSQL service is exposed over the network on TCP port 5432, allowing remote authentication with these static credentials and granting superuser access to the database.

An unauthenticated attacker with network connectivity to the exposed PostgreSQL port can exploit this vulnerability with low complexity. Successful exploitation provides superuser privileges in the database, enabling the creation of administrative users in the RND web interface, extraction of password hashes, and execution of arbitrary operating system commands. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its high impact on confidentiality, integrity, and availability.

Advisories recommend upgrading to RND version 4.5.0.54 or later to remediate the hardcoded credentials. Additional guidance on mitigation and exploitation details is provided in the Marlink Cyber advisory (MCSAID-2025-009) at https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-009-ruckus-nd-hardcoded-postgresql-credentials-rce.md and the CommScope security bulletin at https://webresources.commscope.com/download/assets/RUCKUS+Network+Director%3A+Critical+Security+Bypass+Vulnerability+Leading+to+Remote+Code+Execution+and/3adeb3acb69211f08a46b6532db37357.

Details

CWE(s)

Affected Products

commscope · ruckus network director · ≤ 4.5.0.56

CVEs Like This One

CVE-2025-44963 · Same product: Commscope Ruckus Network Director
CVE-2025-67305 · Same product: Commscope Ruckus Network Director
CVE-2025-44960 · Same product: Commscope Ruckus Network Director
CVE-2025-44957 · Same product: Commscope Ruckus Network Director
CVE-2025-44961 · Same product: Commscope Ruckus Network Director
CVE-2026-25202 · Shared CWE-798
CVE-2026-22769 · Shared CWE-798
CVE-2026-3873 · Shared CWE-798
CVE-2026-1221 · Shared CWE-798
CVE-2025-10850 · Shared CWE-798
