CVE-2025-67304: n/a
In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.
AI Analysis
Technical Summary
CVE-2025-67304 is a critical security vulnerability affecting Ruckus Network Director (RND) versions earlier than 4.5.0.54. The vulnerability arises from the presence of hardcoded credentials embedded within the OVA appliance for the PostgreSQL database user. By default, the PostgreSQL service listens on TCP port 5432 and is accessible over the network without additional authentication barriers. An attacker who connects to this service can use the hardcoded credentials to authenticate remotely with superuser privileges. This elevated access allows the attacker to perform several malicious actions: creating new administrative users for the RND web interface, extracting password hashes stored in the database, and executing arbitrary commands on the underlying operating system. The root cause is categorized under CWE-798 (Use of Hard-coded Credentials), a well-known security anti-pattern that severely undermines system security. The vulnerability has a CVSS v3.1 base score of 9.8, reflecting its critical nature with network attack vector, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the vulnerability's characteristics make it highly exploitable. The lack of patch links in the provided data suggests that remediation may require upgrading to version 4.5.0.54 or later, or applying vendor-provided mitigations once available. This vulnerability poses a significant risk to organizations relying on Ruckus Network Director for network management, especially those exposing the PostgreSQL service to untrusted networks.
Potential Impact
The impact of CVE-2025-67304 is severe and multifaceted. Attackers gaining superuser access to the PostgreSQL database can fully compromise the Ruckus Network Director environment. This includes the ability to create or modify administrative accounts, effectively granting persistent and stealthy control over the network management interface. Extraction of password hashes can lead to credential reuse attacks or offline cracking, further escalating compromise. Execution of arbitrary OS commands allows attackers to pivot within the network, deploy malware, or disrupt network operations. The compromise of network management infrastructure can lead to widespread network outages, data breaches, and loss of trust in network security. Organizations worldwide that use Ruckus Network Director in their infrastructure risk exposure to these impacts, particularly if the PostgreSQL service is accessible from untrusted networks or the internet. The critical severity and ease of exploitation mean that even relatively unsophisticated attackers could leverage this vulnerability to cause significant damage.
Mitigation Recommendations
To mitigate CVE-2025-67304, organizations should immediately upgrade Ruckus Network Director to version 4.5.0.54 or later, where the hardcoded credentials issue is resolved. Until an upgrade is possible, network administrators should restrict access to the PostgreSQL service by implementing strict firewall rules to limit connections to trusted management hosts only. Disabling remote access to the PostgreSQL port (5432) on the appliance is strongly recommended if remote database access is not required. Additionally, organizations should audit existing administrative accounts for unauthorized users and reset all credentials associated with the RND environment. Monitoring network traffic for unusual connections to port 5432 and enabling logging on the Ruckus appliance can help detect exploitation attempts. Employing network segmentation to isolate management interfaces from general user networks reduces exposure. Finally, organizations should stay informed about vendor advisories for patches or additional mitigations and apply them promptly.
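The monitoring step above can be approximated from the database's own connection log. The following is an added example, not code from the vendor or from this advisory: it flags successful logins as the `ruckus` user from hosts outside an allowlist. It assumes PostgreSQL logging with `log_connections = on` and the default `log_line_prefix` of `'%m [%p] '`; the allowlist, database name and sample log lines are constructed.

```python
import ipaddress
import re

# Assumed log format: PostgreSQL with log_connections = on and the default
# log_line_prefix '%m [%p] '. The appliance's own logging setup may differ.
LINE = re.compile(r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] LOG:\s+(?P<msg>.*)$")
RECEIVED = re.compile(r"connection received: host=(?P<host>\S+)")
AUTHORIZED = re.compile(r"connection authorized: user=(?P<user>\S+)")
WATCHED_USER = "ruckus"  # database account named in the advisory
# Hypothetical allowlist of management hosts; replace with your own.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "10.20.0.0/28")]

# Constructed sample log lines (addresses, PIDs and database name are made up).
SAMPLE_LOG = """\
2026-02-20 07:50:01.100 UTC [4101] LOG:  connection received: host=10.20.0.5 port=40112
2026-02-20 07:50:01.120 UTC [4101] LOG:  connection authorized: user=ruckus database=exampledb
2026-02-20 07:52:16.300 UTC [4102] LOG:  connection received: host=198.51.100.23 port=51544
2026-02-20 07:52:16.340 UTC [4102] LOG:  connection authorized: user=ruckus database=exampledb
2026-02-20 07:53:00.000 UTC [4103] LOG:  connection received: host=198.51.100.23 port=51560
2026-02-20 07:53:00.020 UTC [4103] FATAL:  password authentication failed for user "ruckus"
""".splitlines()


def is_trusted(host):
    if host == "[local]":  # Unix-socket connection on the appliance itself
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname or unknown origin: treat as untrusted
    return any(addr in net for net in TRUSTED)


def find_untrusted_logins(lines, user=WATCHED_USER):
    """Return (timestamp, host) for each successful login as `user` from outside TRUSTED."""
    pending = {}  # backend PID -> client host taken from "connection received"
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # non-LOG severities (e.g. FATAL auth failures) are skipped
        pid, msg = m["pid"], m["msg"]
        if (r := RECEIVED.search(msg)):
            pending[pid] = r["host"]  # a reused PID overwrites the stale entry
        elif (a := AUTHORIZED.search(msg)):
            host = pending.pop(pid, "unknown")  # no matching "received" line
            if a["user"] == user and not is_trusted(host):
                alerts.append((m["ts"], host))
    return alerts
```

The client address appears only on the "connection received" line, so the two log entries are correlated by backend PID; an authorization with no matching origin is reported as `unknown` rather than dropped.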
Affected Countries
United States, Canada, United Kingdom, Germany, Australia, India, Japan, South Korea, Brazil, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-08T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 699812b02c4d84f260aeb084
Added to database: 2/20/2026, 7:52:16 AM
Last enriched: 2/28/2026, 1:32:18 PM
Last updated: 4/6/2026, 8:41:58 AM