CVE-2025-3425: Unauthenticated Remote Code Execution via .NET Deserialization

7.3 CVSS

Description

The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. This issue affects IntelliSpace Portal: 12 and prior.

Classification

CVE ID: CVE-2025-3425

CVSS Base Severity: HIGH

CVSS Base Score: 7.3

CVSS Vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green

Problem Types

CWE-502 Deserialization of Untrusted Data

Affected Products

Vendor: Philips

Product: IntelliSpace Portal

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.3% (probability of being exploited)

EPSS Percentile: 52.88% (scored less or equal to compared to others)

EPSS Date: 2025-04-22 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3425
https://www.cve.org/CVERecord?id=CVE-2025-3425

Timeline

2025-04-07 17:40:17 UTC
CVE

Unauthenticated Remote Code Execution via .NET Deserialization