CVE-2025-15610

CRITICAL

OpenText RightFax through 25.4 - Deserialization

Title source: llm

Description

The .NET Remoting framework used by OpenText Fax (RightFax) includes known security vulnerabilities that could be exploited if the service is exposed in environments where the remoting ports are accessible.

References (1)

https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0861863

Scores

CVSS v4 9.3

EPSS 0.0006

EPSS Percentile 18.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-502

Status published

Products (12)

OpenText, Inc/RightFax 16.6 - 16.6 Update7136

OpenText, Inc/RightFax 20.2 - 20.2 Update5705

OpenText, Inc/RightFax 21.2 - 21.2.1.2678

OpenText, Inc/RightFax 21.2 - 21.2.1.2707

OpenText, Inc/RightFax 22.2 - 22.2.0.1644

OpenText, Inc/RightFax 22.2 - 22.2.2.347

OpenText, Inc/RightFax 23.4 - 23.4.2.853

OpenText, Inc/RightFax 23.4 - 26.4.0.1644

OpenText, Inc/RightFax 24.4 - 24.4.0.1644

OpenText, Inc/RightFax 24.4 - 24.4.2.853

... and 2 more

Published Apr 15, 2026

Tracked Since Apr 15, 2026