What is CVE-2025-1536?

A medium-severity vulnerability in Raisecom Multi-Service Intelligent Gateway affects remote operations. Organizations should prioritize remediation to mitigate risks.

What is the severity of CVE-2025-1536?

CVE-2025-1536 has a severity rating of MEDIUM with a CVSS base score of 6.9.

CVE-2025-1536 | Medium Vulnerability in Raisecom Multi-Service Intelligent Gateway

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. It has been declared as critical. This vulnerability affects unknown code of the file /vpn/vpn_template_style.php of the component Request Parameter Handler. The manipulation of the argument stylenum leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

The severity level of this vulnerability is medium, with a CVSS score of 6.9. Organizations are at risk because this vulnerability can allow attackers to execute commands on the system remotely, potentially leading to unauthorized control over the affected system.

Risk to organizations includes the potential for unauthorized access to sensitive data and system compromise. As the exploit has been made public, this vulnerability could be targeted by malicious actors. Therefore, organizations should address the issue promptly.

Organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability.

Vulnerability Details

This vulnerability allows for OS command injection through the manipulation of the argument 'stylenum'. The affected component is the Request Parameter Handler in the Raisecom Multi-Service Intelligent Gateway.

The CVSS score of 6.9 indicates a medium severity, with the attack vector classified as network and attack complexity as low.

The vulnerability has been published on February 21, 2025, and affects all versions prior to the vendor patch for 20250208.

Technical Analysis

The root cause of this vulnerability stems from improper handling of user-supplied input in the 'stylenum' argument, allowing for command injection. Attackers may leverage this weakness remotely without requiring authentication or user interaction.

The attack vector is network-based, with low complexity and no privileges required. Confidentiality, integrity, and availability impacts are rated low, indicating that while the attack can be executed easily, the potential damage may be limited.

Risk & Impact Analysis

Real-world deployment of the affected Raisecom Multi-Service Intelligent Gateway poses significant risk due to the remote command injection capabilities. This vulnerability allows an attacker to execute arbitrary system commands, which can lead to further exploitation or data breaches.

Organizations using this product should evaluate their exposure and implement necessary measures. The blast radius can extend to all systems utilizing this gateway, increasing the urgency for remediation.

Given its CVSS score and the absence of a KEV listing, organizations should address this vulnerability in their priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to vendor patch 20250208 are affected. Organizations should verify their systems for compliance.

Mitigation & Remediation

To mitigate this vulnerability, organizations should apply the latest patch from Raisecom as soon as it becomes available. If a patch is not available, consider implementing network segmentation to limit access to the affected system.

Additionally, organizations can enhance security through configuration hardening and regular security assessments. For effective remediation, organizations may consider engaging in penetration testing services to identify potential vulnerabilities in their systems.

Detection Guidance

Organizations should monitor logs for unusual command executions and user activities related to the affected component. Implementing network monitoring solutions can help identify potential exploitation attempts.

AppSecure Threat Intelligence Insight

This vulnerability highlights the ongoing risks associated with remote command injection vulnerabilities in network devices. Security teams should remain vigilant and continuously assess their security posture.

Organizations should implement a proactive vulnerability management program to identify and remediate such vulnerabilities promptly.

For further insights on best practices, organizations can refer to our guide on vulnerability management programs and consider adopting a structured approach to security.

Engaging in penetration testing methodology can further enhance an organization's defenses against such vulnerabilities.

Lastly, continuous monitoring and adjustment of security measures in response to emerging threats will be essential in maintaining a robust security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1536: Medium Vulnerability in Raisecom Multi-Service Intelligent Gateway