CVE-2025-3424

HIGH

IntelliSpace Portal <12 - Info Disclosure

Title source: llm

Description

The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files. This issue affects IntelliSpace Portal: 12 and prior.

References (2)

Core 2

Core References

Various Sources

https://www.cve.org/CVERecord?id=CVE-2025-3424

Various Sources

https://www.philips.com/a-w/security/security-advisories.html#security_advisories

Scores

CVSS v4 7.7

EPSS 0.0021

EPSS Percentile 11.5%

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Green

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

Philips/IntelliSpace Portal 12 and prior

Published Apr 07, 2025

Tracked Since Feb 18, 2026