CVE Vulnerabilities

CVE-2025-44957

Authentication Bypass Using an Alternate Path or Channel

Published: Aug 04, 2025 | Modified: Aug 07, 2025
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.

Weakness

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name Vendor Start Version End Version
Ruckus_smartzone_firmware Commscope * 6.1.2 (excluding)
Ruckus_smartzone_firmware Commscope 6.1.2 (including) 6.1.2 (including)
Ruckus_smartzone_firmware Commscope 6.1.2-p2 (including) 6.1.2-p2 (including)
Ruckus_smartzone_firmware Commscope 6.1.2-p3 (including) 6.1.2-p3 (including)
Ruckus_smartzone_firmware Commscope 7.0.0 (including) 7.0.0 (including)
Ruckus_smartzone_firmware Commscope 7.1.0 (including) 7.1.0 (including)

Potential Mitigations

References