CVE-2025-67304: n/a
In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.
AI Analysis
Technical Summary
CVE-2025-67304 affects Ruckus Network Director (RND) releases earlier than 4.5.0.54. The OVA appliance image ships with hardcoded credentials for the ruckus PostgreSQL database user, and in the default configuration the PostgreSQL service listens on TCP port 5432 and accepts connections from the network rather than only from the appliance itself. Anyone who can reach that port can log in with the fixed credentials; no other authentication step or user interaction is involved, and because the credentials are part of the image they are the same on every appliance deployed from it. The ruckus role is a database superuser, so a successful login gives full control of the RND data: the attacker can insert or modify rows to create administrative users for the web interface, read the stored password hashes of existing accounts, and run commands on the underlying operating system. The last point follows from PostgreSQL itself rather than from anything RND-specific: a database superuser can use server-side features such as COPY ... FROM PROGRAM, which execute as the PostgreSQL service account on the appliance. Taken together this is a full compromise of the appliance, with an obvious route to persistence (a rogue web administrator) and to lateral movement, since the appliance manages the surrounding network infrastructure. The root causes are a credential baked into the image and an insecure default network exposure of the database service. No public exploit was known at the time of this analysis, but exploitation requires nothing beyond a PostgreSQL client and network reach, and no CVSS score has been assigned, so severity has to be judged from the technical facts; judged that way, this is a critical issue.
Potential Impact
For organizations running a vulnerable RND appliance the impact is severe: superuser access to the database is full control of the network management system, and with it the confidentiality, integrity and availability of the managed network. An attacker can add a web-interface administrator for persistent access, pull existing users' password hashes for offline cracking and reuse elsewhere, and run OS commands to plant tooling, pivot to other systems, or disrupt network operations. Enterprises and service providers that manage their network infrastructure through RND are the obvious targets. Two things raise the likelihood of exploitation: the database is reachable over the network by default, so an appliance placed in a weakly segmented network or, worse, exposed to the internet is attackable by anyone who can reach it; and the attack needs only a PostgreSQL client and the fixed credentials, with no user interaction and no prior foothold on the appliance.
Mitigation Recommendations
Upgrade Ruckus Network Director to 4.5.0.54 or later; that is the only complete fix, since the credentials are part of the appliance image. Until the upgrade is done, the effective interim control is network isolation: permit TCP 5432 on the appliance only from the hosts that genuinely need it (for an appliance whose own application runs locally, that may be no external host at all) and drop everything else, using a firewall in front of the appliance, a management VLAN, or the appliance's host firewall, and never expose the appliance to the internet. Be careful with the advice to change the hardcoded password: the ruckus database credentials are presumably used by the RND application itself, so rotating them on an unpatched appliance can break the product unless the vendor documents a supported way to do it; likewise, editing PostgreSQL's listen_addresses or pg_hba.conf on the appliance may be unsupported. Treat any appliance that has had port 5432 reachable from untrusted networks as potentially compromised: enumerate PostgreSQL roles (pg_roles) and RND web-interface administrators and remove anything you did not create, rotate every web-interface password because stored hashes may already have been extracted, and look for unexpected processes, scheduled jobs or files owned by the PostgreSQL service account. Enable PostgreSQL connection logging (log_connections) if it is not already on and alert on logins as the ruckus user from any address that is not a known management host, as well as on repeated authentication failures against that user; a network IDS/IPS rule for inbound 5432 to the appliance from outside the management network is a cheap second signal, and host-based intrusion detection on the appliance can catch OS command execution originating from the database process. Fold the appliance into the regular hardening review (no default-exposed services, management interfaces on trusted networks only) and make sure the incident response plan covers a compromised network management system, which in practice means re-verifying the configuration of the devices it manages.
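The log-based detection suggested above, as an added example that is not part of the original analysis or of Ruckus's product: a Python script that correlates PostgreSQL server log entries per backend PID (log_connections = on and, for the statement checks, log_statement = 'ddl' or 'all') and flags logins as the ruckus user from outside an allowlist of management networks, authentication failures against that user from untrusted hosts, and role creation or COPY ... FROM PROGRAM statements issued from such a session. The sample log lines, the database name rnd, the client addresses and the CIDR allowlist are all constructed for the example.

```python
"""Flag suspicious PostgreSQL sessions in server logs (added example, not RND code).

Assumes log_connections = on and, for the statement checks, log_statement = 'ddl'
or 'all'. The log lines below are constructed; the database name "rnd", the
addresses and the allowlist are assumptions, not facts about a real appliance.
"""
import ipaddress
import re
from typing import Dict, List, Set

# Constructed sample: one login from a management host, one over the local
# socket, one from an untrusted address that then creates a superuser role,
# and one failed login from the same untrusted address.
SAMPLE_LOG = """\
2026-02-20 07:52:16.101 UTC [4101] LOG:  connection received: host=10.10.1.5 port=51234
2026-02-20 07:52:16.104 UTC [4101] LOG:  connection authorized: user=ruckus database=rnd
2026-02-20 07:53:02.330 UTC [4118] LOG:  connection received: host=[local]
2026-02-20 07:53:02.331 UTC [4118] LOG:  connection authorized: user=ruckus database=rnd
2026-02-20 07:55:40.712 UTC [4130] LOG:  connection received: host=203.0.113.77 port=40022
2026-02-20 07:55:40.715 UTC [4130] LOG:  connection authorized: user=ruckus database=rnd
2026-02-20 07:55:41.002 UTC [4130] LOG:  statement: CREATE ROLE backdoor_admin LOGIN SUPERUSER PASSWORD 'x'
2026-02-20 07:56:10.090 UTC [4142] LOG:  connection received: host=203.0.113.77 port=40023
2026-02-20 07:56:10.093 UTC [4142] FATAL:  password authentication failed for user "ruckus"
"""

# Default PostgreSQL log_line_prefix-style lines: "<ts> <tz> [<pid>] LEVEL:  message"
LINE_RE = re.compile(r"^\S+ \S+ \S+ \[(?P<pid>\d+)\] (?P<level>[A-Z]+):\s+(?P<msg>.*)$")
RECEIVED_RE = re.compile(r"connection received: host=(?P<host>\S+)")
AUTHORIZED_RE = re.compile(r"connection authorized: user=(?P<user>\S+) database=(?P<db>\S+)")
FAILED_RE = re.compile(r'authentication failed for user "(?P<user>[^"]+)"')
# Statements that create or elevate a role, or run an OS command through the
# superuser-only COPY ... FROM PROGRAM feature of PostgreSQL.
SUSPICIOUS_SQL_RE = re.compile(r"\b(CREATE|ALTER)\s+(ROLE|USER)\b|\bFROM\s+PROGRAM\b", re.IGNORECASE)


def is_trusted(host: str, trusted_nets) -> bool:
    """Unix-socket connections ([local]) and allowlisted CIDRs are trusted."""
    if host == "[local]":
        return True
    try:
        return any(ipaddress.ip_address(host) in net for net in trusted_nets)
    except ValueError:  # not an IP literal (hostname or garbage): do not trust it
        return False


def analyze(log_text: str, trusted_cidrs: List[str], watched_user: str = "ruckus") -> List[Dict[str, str]]:
    """Return findings in log order; each has kind, pid, host, user and detail."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    host_by_pid: Dict[str, str] = {}      # backend PID -> client host from "connection received"
    untrusted_sessions: Set[str] = set()  # PIDs whose login was flagged
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        host = host_by_pid.get(pid, "?")
        if (r := RECEIVED_RE.search(msg)):
            host_by_pid[pid] = r.group("host")
        elif (a := AUTHORIZED_RE.search(msg)):
            if a.group("user") == watched_user and not is_trusted(host, nets):
                untrusted_sessions.add(pid)
                findings.append({"kind": "untrusted_login", "pid": pid, "host": host,
                                 "user": a.group("user"), "detail": a.group("db")})
        elif (f := FAILED_RE.search(msg)):
            if not is_trusted(host, nets):
                findings.append({"kind": "auth_failure", "pid": pid, "host": host,
                                 "user": f.group("user"), "detail": msg})
        elif pid in untrusted_sessions and SUSPICIOUS_SQL_RE.search(msg):
            findings.append({"kind": "suspicious_statement", "pid": pid, "host": host,
                             "user": watched_user, "detail": msg})
    return findings


if __name__ == "__main__":
    # Assumed management network; everything else is untrusted.
    for finding in analyze(SAMPLE_LOG, ["10.10.1.0/24"]):
        print(finding)
```

Run against the constructed sample this reports the login from 203.0.113.77, the CREATE ROLE issued in that session, and the subsequent failed login; the two connections from the management network and the local socket are silent. In production, feed it the appliance's PostgreSQL log and set the allowlist to the hosts that the firewall rule above actually permits, so that any hit is by definition a policy violation.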
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, India, Brazil, South Korea, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-08T00:00:00.000Z
- CVSS Version: none assigned
- State: PUBLISHED
Threat ID: 699812b02c4d84f260aeb084
Added to database: 2/20/2026, 7:52:16 AM
Last enriched: 2/20/2026, 7:56:33 AM
Last updated: 2/21/2026, 12:01:46 AM
Related Threats
- CVE-2026-27203: CWE-15: External Control of System or Configuration Setting in YosefHayim ebay-mcp (High)
- CVE-2026-27168: CWE-122: Heap-based Buffer Overflow in HappySeaFox sail (High)
- CVE-2026-27134: CWE-287: Improper Authentication in strimzi strimzi-kafka-operator (High)
- CVE-2026-27190: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in denoland deno (High)
- CVE-2026-27026: CWE-770: Allocation of Resources Without Limits or Throttling in py-pdf pypdf (Medium)