CVE-2025-11534
published 2025-10-21CVE-2025-11534: The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access…
PriorityP267critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.81%
52.3th percentile
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| raisecomm | rax701-gc-wp-01_p200r002c52 | — | — |
| raisecomm | rax701-gc-wp-01_p200r002c53 | — | — |
| raisecomm | rax701-gc-wp-01_p200r002c53 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated SSH session establishment against Raisecom RAX701-GC devices — look for SSH sessions that complete the TCP/key-exchange handshake but never complete the authentication phase (no SSH_MSG_USERAUTH_SUCCESS) yet still reach an interactive shell state ↗
- →Alert on inbound SSH (TCP/22) connections to Raisecom RAX701-GC-WP-01 devices running firmware versions 5.5.27_20190111, 5.5.13_20180720, or 5.5.36_20190709 from untrusted/external network segments ↗
- →Flag any SSH session to these devices that results in root shell access without a corresponding successful authentication exchange — the vulnerability grants unauthenticated root shell access ↗
- ·No patch is available; the vendor has not responded to CISA mitigation requests. Defensive posture relies entirely on network-level controls (firewall, VPN, network isolation) rather than a vendor fix. ↗
- ·No known public exploitation has been reported at time of advisory publication, but the vulnerability is remotely exploitable with low attack complexity and no privileges required (CVSS v3.1: 9.8), making it high-priority for network segmentation. ↗
- ·Affected firmware versions are specific: P200R002C52 at 5.5.27_20190111 and P200R002C53 at 5.5.13_20180720 and 5.5.36_20190709. Inventory should confirm exact firmware strings before scoping detection. ↗
CVSS provenance
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cisa8.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xw62-rx45-hvr3: The affected Raisecom devices allow SSH sessions to be established without completing user authentication
ghsa_unreviewed·2025-10-21
CVE-2025-11534 [CRITICAL] CWE-288 GHSA-xw62-rx45-hvr3: The affected Raisecom devices allow SSH sessions to be established without completing user authentication
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.
CISA ICS
Raisecomm RAX701-GC Series
cisa_ics·2025-10-21·CVSS 9.3
[CRITICAL] Raisecomm RAX701-GC Series
ICS Advisory
##
Raisecomm RAX701-GC Series
Release DateOctober 21, 2025
Alert CodeICSA-25-294-06
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Raisecomm
- Equipment: RAX701-GC-WP-01 P200R002C52, RAX701-GC-WP-01 P200R002C53
- Vulnerability: Authentication Bypass Using an Alternate Path or Channel
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and gain unauthenticated root shell access to the affected devices.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Raisecomm RAX701-GC products, are affected:
CISA
Git Link Following Vulnerability
cisa·2025-08-25·CVSS 8.0
CVE-2025-48384 [HIGH] CWE-59 Git Link Following Vulnerability
Vulnerability: Git Link Following Vulnerability
Affected: Git Git
Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 ; https://access.redhat.com/errata/RHSA-2025:13933 ; https://alas.aws.amazon.com/AL2/ALAS2-2025-2941.html ; https://linux.oracle.com/errata/ELSA-2025-11534.html ; https://msrc.
No detection rules found.
No public exploits indexed.
2025-10-21
Published