CVE-2025-58384

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DOXENSE WATCHDOC versions prior to 6.1.1.5332

Description The software contains a flaw related to the deserialization of untrusted data. This issue, present in the .NET Remoting library within the Watchdoc administration interface, can allow for remote code execution. Approximately 157 instances are reportedly exposed. An attacker can invoke an unauthenticated API endpoint to execute arbitrary code remotely, potentially compromising the system. The vulnerability affects all printers in the network.

Recommendations Versions prior to 6.1.1.5332 should be upgraded. Restrict access to port 5744.

Fix

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

BDU:2025-12416

CVE-2025-58384

DOTNETREMOTINGCHECK

Affected Products

.Net Remoting

Doxense Watchdoc

CVE-2025-58384

Weakness Enumeration

Related Identifiers

Affected Products

References · 14