CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a critical authentication bypass vulnerability affecting Raisecom RAX701-GC routers used in industrial and telecom environments.

Tracked as CVE-2025-11534, the flaw carries a CVSS v3.1 base score of 9.8, allowing unauthenticated attackers to gain root shell access to vulnerable devices via SSH without providing valid credentials.

“The affected Raisecom devices allow SSH sessions to be established without completing user authentication,” CISA stated. “This could allow attackers to gain shell access without valid credentials.”

The vulnerability impacts the following Raisecom RAX701-GC-WP-01 firmware versions:

• P200R002C52: Firmware version 5.5.27_20190111
• P200R002C53: Firmware versions 5.5.13_20180720 and 5.5.36_20190709.

CISA classified the flaw under CWE-288: Authentication Bypass Using an Alternate Path or Channel, noting that it enables attackers to establish SSH connections without completing authentication routines — effectively granting unauthenticated root shell access to the device.

The issue was discovered by HD Moore of runZero, and Tod Beardsley of runZero reported it to CISA for coordinated disclosure.

As of the latest CISA advisory, Raisecom has not responded to requests for collaboration on mitigation or patch development.

This lack of vendor response leaves affected organizations without an official firmware update, forcing defenders to rely on network segmentation and access restrictions to minimize risk.

Until patches become available, CISA urges administrators to implement immediate network-level mitigations to reduce exposure:

• Minimize network exposure of all control system devices and ensure they are not directly accessible from the internet.
• Locate control system networks and remote devices behind firewalls, isolating them from business IT environments.
• Use secure remote access methods such as VPNs, keeping them updated and recognizing that VPNs may have vulnerabilities and should be updated to the most current version available.
• Monitor for unauthorized SSH connections and anomalous activity from exposed Raisecom endpoints.

While no known exploitation of this vulnerability has been reported at the time of writing, the ease of remote exploitation and the critical privileges granted make this an urgent issue for network administrators.

Related Posts:

• Critical Flaw in RAISECOM Gateways Actively Exploited, Exposing Thousands to Remote Attacks
• RAISECOM Gateways Exposed: Remote Command Execution Flaw Impacts 25,000+ Devices
• Malicious npm Packages Exploiting Typosquatting to Inject SSH Backdoors
• Account Takeover Vulnerability Found in Better Auth Library
• LNK Files and SSH Commands: The New Arsenal of Advanced Cyber Attacks