CVE-2025-11534
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-21
Assigner: ICS-CERT
Description
Description
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| raisecom | rax701 | 5.5.13_20180720 |
| raisecom | rax701 | 5.5.27_20190111 |
| raisecom | rax701 | 5.5.36_20190709 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows attackers to establish SSH sessions on affected Raisecom devices without completing user authentication, potentially granting shell access without valid credentials.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could gain unauthorized shell access to the affected devices, leading to potential control over the device, data breaches, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70