Deserialization Vulnerability in IntelliSpace Portal by Philips
CVE-2025-3425
7.3 HIGH
Summary
The IntelliSpace Portal application by Philips is affected by a deserialization vulnerability stemming from its use of .NET Remoting. The vulnerability is reachable through an unprotected port (755) and allows potential remote code execution. The server's TypeFilterLevel is set to Full, a critical misconfiguration that exacerbates the flaw. Systems running with this configuration remain vulnerable unless it is properly mitigated. Affected versions include IntelliSpace Portal 12 and earlier.
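A defender-side check for the setting described above, as an added example that is not Philips code or part of the advisory. It assumes the remoting channel is declared in a .NET configuration file (a service may instead configure it in code); the sample XML and the function name `audit_remoting_config` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a .NET Remoting <system.runtime.remoting> section.
# It is NOT taken from IntelliSpace Portal; it only mirrors the two settings
# the summary names (port 755, TypeFilterLevel Full).
SAMPLE_CONFIG = """<configuration>
  <system.runtime.remoting>
    <application>
      <channels>
        <channel ref="tcp" port="755">
          <serverProviders>
            <formatter ref="binary" typeFilterLevel="Full" />
          </serverProviders>
        </channel>
        <channel ref="tcp" port="9000">
          <serverProviders>
            <formatter ref="binary" typeFilterLevel="Low" />
          </serverProviders>
        </channel>
      </channels>
    </application>
  </system.runtime.remoting>
</configuration>"""


def audit_remoting_config(xml_text):
    """Return one finding per server channel whose formatter runs at Full."""
    root = ET.fromstring(xml_text)
    findings = []
    for channel in root.iter("channel"):
        port = channel.get("port")  # None for client-only channels
        for provider in channel.findall("serverProviders"):
            for sink in provider:
                # typeFilterLevel only applies to formatter sinks; when the
                # attribute is absent the .NET Framework default is Low.
                if sink.tag != "formatter":
                    continue
                level = sink.get("typeFilterLevel", "Low")
                if level.lower() == "full":
                    findings.append({
                        "port": port,
                        "formatter": sink.get("ref") or sink.get("type"),
                        "typeFilterLevel": level,
                    })
    return findings


if __name__ == "__main__":
    for f in audit_remoting_config(SAMPLE_CONFIG):
        print("Full deserialization level on port %(port)s (%(formatter)s)" % f)
```

A finding here marks a channel to restrict at the network layer and review; a clean result does not rule out a channel registered programmatically.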
Affected Version(s)
IntelliSpace Portal 12 and prior
References
CVSS V4
Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Victor A Morales
Omar A Crespo