Data Continuity

Backup and recovery services are a necessity for todays modern networks. We can help to determine where and when your data needs to live to be sure it's always available

IT Consulting, Service and Management

Our decades of implementation and integration experience allows us to deliver best-of-class IT services to our customers

Cloud Services

With so many options and implementation scenarios available, let us help you determine how best to use new services available from the cloud.

Since 1996, our goal has been to help our clients maximize productivity and efficiency by expertly maintaining existing infrastructures, as well as designing and implementing new technologies, allowing them to continue growing into the future.

...

We focus on business process design and strategize and implement policies for continuous improvement and integration.
  • Knowledgeable and friendly staff
  • Flexible consumption-based pricing models
  • Online strategy and consulting services
  • Decades of experience
Our Services

News, updates, trends and the latest
info you need to know about IT

VU#746790: SMM callout vulnerabilities identified in Gigabyte UEFI firmware modules

Overview
System Management Mode (SMM) callout vulnerabilities have been identified in UEFI modules present in Gigabyte firmware. An attacker could exploit one or more of these vulnerabilities to elevate privileges and execute arbitrary code in the SMM environment of a UEFI-supported processor. While AMI (the original firmware supplier) has indicated that these vulnerabilities were previously addressed, they have resurfaced in Gigabyte firmware and are now being publicly disclosed.
Description
The Unified Extensible Firmware Interface (UEFI) specification defines an interface between an operating system (OS) and platform firmware. UEFI can interact directly with hardware using System Management Mode (SMM), a highly privileged CPU mode designed for handling low-level system operations. SMM operations are executed within a protected memory region called System Management RAM (SMRAM) and are only accessible through System Management Interrupt (SMI) handlers.
SMI handlers act as a gateway to SMM and process data passed via specific communication buffers. Improper validation of these buffers or untrusted pointers from CPU save state registers can lead to serious security risks, including SMRAM corruption and unauthorized SMM execution. An attacker could abuse these SMI handlers to execute arbitrary code within the early boot phases, recovery modes, or before the OS fully loads.
The following vulnerabilities were identified in Gigabyte firmware implementations:

CVE-2025-7029 : Unchecked use of the RBX register allows attacker control over OcHeader and OcData pointers used in power and thermal configuration logic, resulting in arbitrary SMRAM writes. (BRLY-2025-011)
CVE-2025-7028 : Lack of validation of function pointer structures derived from RBX and RCX allows attacker control over critical flash operations via FuncBlock, affecting functions like ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo. (BRLY-2025-010)
CVE-2025-7027 : Double pointer dereference vulnerability involving the location of memory write from an unvalidated NVRAM Variable SetupXtuBufferAddress NVRAM and the content for write from from an attacker-controlled pointer based on the RBX register, can be used write arbitrary content to SMRAM. (BRLY-2025-009)
CVE-2025-7026 : Attacker-controlled RBX register used as an unchecked pointer within the CommandRcx0 function allows writes to attacker-specified memory in SMRAM. (BRLY-2025-008)

According to AMI, these vulnerabilities were previously addressed via private disclosures, yet the vulnerable implementations remain in some OEM firmware builds such as in the case of Gigabyte. Gigabyte has issued updated firmware to address the vulnerabilities. Users are strongly advised to visit the Gigabyte support site to determine if their systems are affected and to apply the necessary updates.
Impact
An attacker with local or remote administrative privileges may exploit these vulnerabilities to execute arbitrary code in System Management Mode (Ring -2), bypassing OS-level protections. These vulnerabilities can be triggered via SMI handlers from within the operating system, or in certain cases, during early boot phases, sleep states, or recovery modes—before the OS fully loads.
Exploitation can disable UEFI security mechanisms such as Secure Boot and Intel BootGuard, enabling stealthy firmware implants and persistent control over the system. Because SMM operates below the OS, such attacks are also difficult to detect or mitigate using traditional endpoint protection tools.
Solution
Install the latest UEFI firmware updates provided by your PC vendor. Refer to the Vendor Information section below and Gigabyte’s security website for specific advisories and update instructions. Because these vulnerabilities may affect firmware supplied through the supply chain, other PC OEM vendors may also be impacted. Monitor the Vendor Information section for updates as they become available.
Acknowledgements
We thank the Binarly REsearch team for responsibly disclosing these vulnerabilities to CERT/CC. We also acknowledge Gigabyte’s PSIRT for their collaboration and timely response. This document was written by Vijay Sarvepalli.

VU#613753: Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) contain multiple vulnerabilities

Overview
Multiple vulnerabilities have been identified in Ruckus Wireless management products, specifically Virtual SmartZone (vSZ) and Network Director (RND), including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution. These issues may allow full compromise of the environments managed by the affected software. At this time, we have not able to reach Ruckus Wireless or their parent company to include their response to these disclosed vulnerabilities, we recommend using these products only within isolated management networks accessible to trusted users.
Description
Ruckus Wireless is a company that provides networking devices for venues where many end points will be connected to the internet, such as schools, hospitals, multi-tenant residences, and smart cities that provide public Wi-Fi. Virtual SmartZone (vSZ) by Ruckus Wireless is a wireless network control software to virtually manage large-scale networks, up to a scale of 10,000 Ruckus access points and 150,000 connected clients. Ruckus Network Director (RND) is software for the management of multiple vSZ clusters on a single network.
Multiple vulnerabilities were reported in these Ruckus Wireless products that are described here:
[CVE-2025-44957] Hardcoded Secrets, including JWT Signing Key, API keys in Code (CWE-287: Improper Authentication). Multiple secrets are hardcoded into the vSZ application, making them vulnerable to access thus allowing elevated privileges. Using HTTP headers and a valid API key, it is possible to logically bypass the authentication methods, providing administrator-level access to anyone that does this.
[CVE-2025-44962] Authenticated Arbitrary File Read (CWE-23: Relative Path Traversal). Ruckus vSZ allows for users to download files from an allowed directory, but by hardcoding a directory path, a user could traverse other directory paths with ../ to read sensitive files.
[CVE-2025-44954] Unauthenticated RCE in SSH due to Hardcoded Default Public/Private Keys (CWE-1394: Use of Default Cryptographic Key). Ruckus vSZ has a built-in user with all of the same privileges as root. This user also has default public and private RSA keys in its /home/$USER/.ssh/ directory. Anyone with a Ruckus device would also have this private key and be able to ssh as this and then have root-level permissions.
[CVE-2025-44960] Remote Code Execution (CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)). A parameter in a vSZ API route is user-controlled and not sanitized before being executed in an OS command. An attacker could supply a malicious payload to result in code execution.
[CVE-2025-44961] Remote Code Execution (CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)). An authenticated vSZ user supplies an IP address as an argument to be run in an OS command, but this IP address is not sanitized. A user could supply other commands instead of an IP address to achieve RCE.
[CVE-2025-44963] Hardcoded Secrets, including JWT token (CWE-321: Use of Hard-coded Cryptographic Key). RND uses a secret key on the backend web server to ensure that session JWTs are valid. This secret key is hardcoded into the web server. Anyone with knowledge of the secret key could create a valid JWT, thus bypassing the typical authentication to access the server with administrator privileges.
[CVE-2025-44955] Hardcoded Secrets (CWE-259: Use of Hard-coded Password). RND includes a jailed environment to allow users to configure devices without complete shell access to the underlying operating system. The jailed environment includes a built-in jailbreak for technicians to elevate privileges. The jailbreak requires a weak password that is hardcoded into the environment. Anyone with this password can access an RND server with root permissions.
[CVE-2025-6243] Hardcoded SSH Public Key (CWE-321: Use of Hard-coded Cryptographic Key). A built-in user called sshuser, with root privileges, exists on the RND platform. Both public and private ssh keys exist in the sshuser home directory. Anyone with the private key can access an RND server as sshuser.
[CVE-2025-44958] Recoverable passwords (CWE-257: Storing Passwords in a Recoverable Format). RND encrypts passwords with a hardcoded weak secret key and returns the passwords in plaintext. If the server were compromised, an attacker could gain all the plaintext passwords and decrypt them.
Impact
Impact of these vulnerabilities vary from information leakage to total compromise of the wireless environment managed by the affected products. As an example, an attacker with network access to Ruckus Wireless vSZ can exploit CVE-2025-44954 to gain full administrator access that will lead to total compromise of the vSZ wireless management environment. Furthermore, multiple vulnerabilities can be chained to create chained attacks that can allow the attacker to combine attacks to bypass any security controls that prevent only specific attacks.
Solution
No patches have been supplied by the vendor at this time.
To mitigate risk, network administrators should limit access to the wireless management environments that use these affected products, allowing a limited set of trusted users and their authenticated clients to manage Ruckus infrastructure via a secure protocol such as HTTPS or SSH.
Acknowledgements
Thanks to Noam Moshe of Claroty Team82 for reporting these vulnerabilities. This document was written by CERT/CC.

MS365 Plan Comparison

modern-work-plan-comparison-smb5

Visit Our News Page

Contact us today if you'd like to know more
about how we can keep your network working at its best

VistaNet, Inc is a technology consulting and services company, helping enterprises
marry scale with agility to achieve competitive advantage.

We'd love to talk about your technology needs

Our experts would love to contribute their
expertise and insights to your potential projects
  • This field is for validation purposes and should be left unchanged.