CVE-2025-11534

Summary

The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.

Affected Software

VendorProductVersion RangeStatus
RaisecommRAX701-GC-WP-01 P200R002C52Firmware version 5.5.27_20190111affected
RaisecommRAX701-GC-WP-01 P200R002C53Firmware version 5.5.13_20180720affected
RaisecommRAX701-GC-WP-01 P200R002C53Firmware version 5.5.36_20190709affected

Weaknesses

  • CWE-288: CWE-288: Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References