cbcvebase.
CVE-2025-11534
published 2025-10-21

CVE-2025-11534: The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access…

PriorityP267critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.81%
52.3th percentile
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.

Affected

3 ranges
VendorProductVersion rangeFixed in
raisecommrax701-gc-wp-01_p200r002c52
raisecommrax701-gc-wp-01_p200r002c53
raisecommrax701-gc-wp-01_p200r002c53

Detection & IOCsextracted from sources · hover to see the quote

  • Detect unauthenticated SSH session establishment against Raisecom RAX701-GC devices — look for SSH sessions that complete the TCP/key-exchange handshake but never complete the authentication phase (no SSH_MSG_USERAUTH_SUCCESS) yet still reach an interactive shell state
  • Alert on inbound SSH (TCP/22) connections to Raisecom RAX701-GC-WP-01 devices running firmware versions 5.5.27_20190111, 5.5.13_20180720, or 5.5.36_20190709 from untrusted/external network segments
  • Flag any SSH session to these devices that results in root shell access without a corresponding successful authentication exchange — the vulnerability grants unauthenticated root shell access
  • ·No patch is available; the vendor has not responded to CISA mitigation requests. Defensive posture relies entirely on network-level controls (firewall, VPN, network isolation) rather than a vendor fix.
  • ·No known public exploitation has been reported at time of advisory publication, but the vulnerability is remotely exploitable with low attack complexity and no privileges required (CVSS v3.1: 9.8), making it high-priority for network segmentation.
  • ·Affected firmware versions are specific: P200R002C52 at 5.5.27_20190111 and P200R002C53 at 5.5.13_20180720 and 5.5.36_20190709. Inventory should confirm exact firmware strings before scoping detection.

CVSS provenance

nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cisa8.0HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.