CVE-2025-44961 PUBLISHED

Assigner: mitre
Reserved: 22.04.2025 Published: 04.08.2025 Updated: 05.08.2025

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9.9

Product Status

Vendor RUCKUS
Product SmartZone
Versions Default: unknown
  • affected from 0 to 6.1.2p3 Refresh Build (excl.)

References

Problem Types

  • CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE