What is the critical vulnerability in Raisecomm RAX701-GC devices?

CISA is reporting a critical vulnerability tracked as CVE-2025-11534 with a CVSS score of 9.3 in Raisecomm RAX701-GC Series devices. The flaw allows attackers to establish SSH sessions and gain unauthenticated root shell access without valid credentials, providing complete control over the systems.

Which Raisecomm products are affected by CVE-2025-11534?

Affected products include RAX701-GC-WP-01 P200R002C52 with firmware version 5.5.27_20190111, and RAX701-GC-WP-01 P200R002C53 with firmware versions 5.5.13_20180720 and 5.5.36_20190709.

Has Raisecomm released a patch for CVE-2025-11534?

No, as of October 21, 2025, no patches or firmware updates have been released to fix the flaw. Raisecomm has not responded to CISA's requests to work on mitigating this vulnerability.

What access does CVE-2025-11534 provide to attackers?

The vulnerability could enable attackers to gain unauthenticated root shell access to the Raisecomm devices, providing complete control over the systems without requiring valid credentials.

What should organizations do about the Raisecomm vulnerability?

Organizations should ensure that all affected Raisecomm control system devices are not accessible from the internet and minimize network exposure wherever possible. Users of affected versions should contact Raisecomm customer support for additional information, though the lack of vendor response suggests support may be limited.

What is the severity rating of the Raisecomm CVE-2025-11534 vulnerability?

CVE-2025-11534 has been assigned a CVSS score of 9.3, making it a critical severity vulnerability that requires immediate attention and mitigation measures.

Has Raisecomm responded to CISA about the vulnerability?

No, Raisecomm has not responded to CISA's requests to work on mitigating this vulnerability, and no patches or firmware updates have been released as of October 21, 2025.

Advisory

CISA warns of critical authentication bypass flaw in Raisecomm RAX701-GC Series

published: Oct. 21, 2025

Take action: If you're using Raisecomm RAX701-GC devices make sure they are isolated from the internet and accessible only from trusted networks. Then reach out to the vendor for possible patches. Consider replacing these devices with supported alternatives if possible, since the manufacturer hasn't responded to fix this flaw.

Learn More

CISA is reporting a critical vulnerability in the Raisecomm RAX701-GC Series devices that allows attackers to establish SSH sessions and gain shell access without valid credentials.

The flaw is tracked as CVE-2025-11534 (CVSS score 9.3) and could enable attackers to gain unauthenticated root shell access to the devices, providing complete control over the systems.

Affected products:

RAX701-GC-WP-01 P200R002C52: Firmware version 5.5.27_20190111
RAX701-GC-WP-01 P200R002C53: Firmware version 5.5.13_20180720 and version 5.5.36_20190709

Raisecomm has not responded to CISA's requests to work on mitigating this vulnerability. As of October 21, 2025, no patches or firmware updates have been released to fix the flaw. of affected versions of Raisecomm products should contact Raisecomm customer support for additional information, though the lack of vendor response suggests support may be limited.

Organizations should ensure that all affected control system devices are not accessible from the internet and minimize network exposure wherever possible.

CISA warns of critical authentication bypass flaw in Raisecomm RAX701-GC Series

Read More
Siemens releses patch for critical CodeMeter Vulnerability
EFACEC reports critical issues in their BCU 500 …
Siemens reports critical flaws in SiPass access control …
Critical OpenSSH flaw exposes Moxa industrial switches to …
Siemens addresses critical vulnerabilities in multiple products