Unauthorized File Access Vulnerability in IntelliSpace Portal by Philips
CVE-2025-3424

7.7HIGH

Key Information:

Vendor: Philips
Status: Intellispace Portal
Vendor: CVE Published:; 7 April 2025

Summary

The IntelliSpace Portal by Philips is susceptible to a vulnerability that allows unauthorized access to internal files through exploitation of port 755 via the 'Object Marshalling' technique. Attackers can exploit this flaw by crafting specific .NET Remoting URLs based on information extracted from client-side configuration files. This unauthorized access poses significant risks, as it enables potential exposure of sensitive internal files without requiring authentication.

Affected Version(s)

IntelliSpace Portal Windows 12 and prior

References

https://www.cve.org/CVERecord?id=CVE-2025-3424

https://www.philips.com/a-w/security/security-advisories....

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 7, 2025
Vulnerability Reserved
Apr 7, 2025

Credit

Victor A Morales

Omar A Crespo