CVE-2025-3425

Severity CVSS v4.0:

HIGH

Type:

CWE-502 Deserialization of Untrusted Dat

Publication date:

07/04/2025

Last modified:

10/04/2025

Description

The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. This issue affects IntelliSpace Portal: 12 and prior.

Impact

Vector 4.0

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green CVSS v4.0 Severity and Metrics:

Base Score: 7.30 HIGH
Vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green

Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): Active
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Safety (S): Present
Automatable (AU): Yes
Recovery (R): User
Value Density (V): Concentrated
Vulnerability Response Effort (RE): Moderate
Provider Urgency (U): Green

Base Score 4.0

7.30

Severity 4.0

HIGH

CVE-2025-3425

Description

Impact

References to Advisories, Solutions, and Tools