Multiple Ruckus Wireless Products CSRF and RCE Vulnerability

Added to KEV: 2023-05-12
Federal due date: 2023-06-02
Vendor: Ruckus Wireless
Product: Multiple Products
EPSS: 99.9th percentile (score 0.942, as of 2026-06-08)
NVD CVSS v3.1:
Ransomware use: Unknown
Upstream: https://nvd.nist.gov/vuln/detail/CVE-2023-25717

CISA short description

Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.

Required action

Apply updates per vendor instructions or disconnect product if it is end-of-life.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.