CVE-2025-44957
HIGHDescription
Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
Is your site exposed to CVE-2025-44957?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_smartzone_firmware |
| commscope | ruckus_virtual_smartzone |
| commscope | ruckus_virtual_smartzone-federal |
| commscope | ruckus_c110 |
| commscope | ruckus_e510 |
| commscope | ruckus_h320 |
| commscope | ruckus_h350 |
| commscope | ruckus_h510 |
| commscope | ruckus_m510 |
| commscope | ruckus_r320 |
| commscope | ruckus_r510 |
| commscope | ruckus_r560 |
| commscope | ruckus_r610 |
| commscope | ruckus_r710 |
| commscope | ruckus_r720 |
| commscope | ruckus_r730 |
| commscope | ruckus_r750 |
| commscope | ruckus_smartzone_100 |
| commscope | ruckus_smartzone_100-d |
| commscope | ruckus_smartzone_144 |
| commscope | ruckus_smartzone_144-federal |
| commscope | ruckus_smartzone_300 |
| commscope | ruckus_smartzone_300-federal |
| commscope | ruckus_t310c |
| commscope | ruckus_t310d |
| commscope | ruckus_t310n |
| commscope | ruckus_t310s |
| commscope | ruckus_t350se |
| commscope | ruckus_t750 |
| commscope | ruckus_t750se |
| commscope | ruckus_network_director |
References
Frequently Asked Questions
What is CVE-2025-44957? +
How severe is CVE-2025-44957? +
What products are affected by CVE-2025-44957? +
How do I check if I'm vulnerable to CVE-2025-44957? +
Related Vulnerabilities
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and …
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface …
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service …
This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API …
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to …
In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If …