ACTIVELY EXPLOITED3 sources verified·1 min read
By Lyrie Threat Intelligence·5/12/2023
CVE-2023-25717 added to CISA KEV: Ruckus Wireless Multiple Products
Status: ✅ Confirmed exploited in the wild
Date added: 2023-05-12
Required action: Apply updates per vendor instructions or disconnect product if it is end-of-life.
Due date: 2023-06-02
Why this matters
Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.