PT-2025-15269 · Philips · Intellispace Portal
Published
1999-01-01
·
Updated
2025-04-12
·
CVE-2025-3425
CVSS v4.0
7.3
High
| Vector | AV:A/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green |
Name of the Vulnerable Software and Affected Versions
IntelliSpace Portal versions 12 and prior
Description
The issue arises from the exploitation of port 755 through a deserialization vulnerability in the IntelliSpace portal application, which utilizes .NET Remoting for its functionality. The server's configuration files have the TypeFilterLevel set to Full, potentially leading to remote code execution using deserialization.
Recommendations
For IntelliSpace Portal versions 12 and prior, consider restricting access to port 755 as a temporary workaround until a patch is available. Additionally, review and adjust the TypeFilterLevel setting in the configuration files to a more secure level to minimize the risk of exploitation.
Fix
RCE
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intellispace Portal