CVE-2025-11534 CRITICAL

CVE-2025-11534: Authentication Bypass Using an Alternate Path or Channel in Raisecomm RAX701-GC Series

Vendor Raisecomm
Product RAX701-GC-WP-01 P200R002C52
Weakness CWE-288
Published October 21, 2025
Last update October 21, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.

Key dates

02Disclosure timeline

October 21, 2025 CVE published
October 21, 2025 Record updated