Remotely Exploitable Vulnerability in Ruckus vRIoT IoT Controller Firmware
CVE-2025-69426
What is CVE-2025-69426?
Ruckus vRIoT IoT Controller firmware prior to version 3.0.0.0 (GA) contains hardcoded credentials embedded in an initialization script. The SSH service is exposed to the network without adequate IP-based restrictions, allowing an attacker to gain unauthorized access. Even where the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate with the hardcoded credentials and use SSH local port forwarding to reach the Docker socket. Through Docker, the attacker can mount the host filesystem, potentially escape the container, and execute arbitrary commands as root on the vRIoT controller, leading to complete compromise of the system.
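The gap described above (TTY disabled, forwarding still permitted) can be checked for in an SSH server configuration. The following is an added example, not code from Ruckus or from the original advisory; it assumes an OpenSSH-style `sshd_config`, and the account name `svc-example` and both sample configurations are constructed.

```python
# Added example: report sshd_config scopes that still permit local forwarding.
# Defaults are the OpenSSH defaults for the directives checked here.
DEFAULTS = {"allowtcpforwarding": "yes", "allowstreamlocalforwarding": "yes",
            "disableforwarding": "no", "permittty": "yes"}
LOCAL_OK = {"yes", "all", "local"}  # values that leave local forwarding enabled

def parse_scopes(text):
    """Return [(scope_name, {keyword: first_value})]; index 0 is the global section."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scopes.append(("Match " + value, {}))
        else:
            scopes[-1][1].setdefault(key, value.lower())  # first value wins
    return scopes

def audit(text):
    """Return (scope, tty_disabled, open_directives) for each scope that allows forwarding."""
    scopes = parse_scopes(text)
    global_opts = scopes[0][1]
    findings = []
    for name, opts in scopes:
        # A Match block overrides the global section; otherwise fall back to defaults.
        eff = {k: opts.get(k, global_opts.get(k, d)) for k, d in DEFAULTS.items()}
        if eff["disableforwarding"] == "yes":
            continue  # DisableForwarding overrides the Allow*Forwarding options
        open_kinds = [k for k in ("allowtcpforwarding", "allowstreamlocalforwarding")
                      if eff[k] in LOCAL_OK]
        if open_kinds:
            # tty_disabled=True marks the misleading case: looks locked down, is not.
            findings.append((name, eff["permittty"] == "no", open_kinds))
    return findings

# Constructed sample configurations (not taken from the vRIoT firmware).
WEAK = "Match User svc-example\n    PermitTTY no\n"
HARDENED = "DisableForwarding yes\n" + WEAK

if __name__ == "__main__":
    for label, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label, audit(cfg))
```

Setting only `AllowTcpForwarding no` still leaves `AllowStreamLocalForwarding` at its default, which is why the audit reports the two directives separately.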

Affected Version(s)
vRIoT IOT Controller 2.3.0.0 (GA) < 3.0.0.0 (GA)
vRIoT IOT Controller 2.3.1.0 (MR) < 3.0.0.0 (GA)
vRIoT IOT Controller 2.4.0.0 (GA) < 3.0.0.0 (GA)
