CVE-2025-67305

Name of the Vulnerable Software and Affected Versions RUCKUS Network Director versions prior to 4.5.0.56

Description RUCKUS Network Director (RND) OVA appliances include hardcoded SSH keys for the postgres user. These keys are consistent across all deployments. An attacker with network access can use these keys to authenticate via SSH without a password. Successful authentication grants access to the PostgreSQL database with superuser privileges, enabling the creation of administrative users for the web interface and potential privilege escalation.

Recommendations Update RUCKUS Network Director to version 4.5.0.56 or later.