PT-2025-15271 · Philips · Advanced Visualization Workspace+1

Published 2025-04-07 · Updated 2025-04-08 · CVE-2025-3426

CVSS v4.0: 7.2 (High)

Vector: AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Green

Name of the Vulnerable Software and Affected Versions

Intellispace Portal versions 12 and prior
Advanced Visualization Workspace version 15

Description

The Intellispace Portal binaries lack protection mechanisms, which makes it possible for attackers to reverse-engineer the application. This can lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities. Specifically, an attacker can identify hardcoded credentials in PortalUsersDatabase.dll, which contains the .NET remoting definition. The CreateAdmin and CreateService functions in the Users class contain hardcoded encrypted passwords along with their respective salts, set by the SetInitialPasswordAndSalt function.

Recommendations

For Intellispace Portal versions 12 and prior, consider implementing code obfuscation and protection mechanisms to prevent reverse engineering. For Advanced Visualization Workspace version 15, restrict access to the PortalUsersDatabase namespace and the Users class to minimize the risk of exploitation. As a temporary workaround, consider disabling the CreateAdmin and CreateService functions until a patch is available. Avoid using the hardcoded encrypted passwords and salts in the affected functions until the issue is resolved.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

CVE-2025-3426

Affected Products

Advanced Visualization Workspace
Intellispace Portal