Vulnerabilities

Report: CVE-2025-69425 - Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE

2026-01-09 0 views admin

CVE ID : CVE-2025-69425 Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago Description : The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-69425

Severity

CRITICAL

Published

Jan. 9, 2026

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-69425critical

Report: CVE-2025-69425 - Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-22689 - Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthe

Complete Guide to CVE-2026-22685 - DevToys Path Traversal (“Zip Slip”) Vulnerability in DevToys Extension Installation

Essential Guide: CVE-2026-22611 - AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value

Update: CVE-2026-22693 - Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting