In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the PostgreSQL database with superuser privileges, create administrative users for the web interface, and potentially escalate privileges further.
CVE-2025-67305
NONE
EPSS 0.05%
Updated Feb 20, 2026
PostgreSQL
CVE Details
CVE ID
CVE-2025-67305
Published Date
Feb 19, 2026
Vendor
PostgreSQL
Severity
NONE
Exploit Prediction (EPSS)
Probability of Exploit
0.05%
Likelihood of exploitation in next 30 days
Percentile:
16.9th percentile (higher than 16.9% of all CVEs)
Standard patching cycle
Impact
Minimal impact
Source
View Advisory