CVE-2025-3424
7.7
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green
Summary
The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files.
This issue affects IntelliSpace Portal: 12 and prior.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Philips | IntelliSpace Portal | 12 and prior | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cve.org/CVERecord?id=CVE-2025-3424
- https://www.philips.com/a-w/security/security-advisories.html#security_advisories
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.