CVE-2025-3424: 3.2.1 Arbitrary File Read in insecure .NET Remoting TCP Channel

7.7 CVSS

Description

The IntelliSpace Portal application uses .NET Remoting for its functionality. The vulnerability is exploited through port 755 using the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files.

This issue affects IntelliSpace Portal: 12 and prior.

Classification

CVE ID: CVE-2025-3424

CVSS Base Severity: HIGH

CVSS Base Score: 7.7

CVSS Vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green

Problem Types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected Products

Vendor: Philips

Product: IntelliSpace Portal

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 8.18% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-22 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3424
https://www.cve.org/CVERecord?id=CVE-2025-3424

Timeline