CVE-2025-3425

HIGH

IntelliSpace Portal <12 - Deserialization

Title source: llm

Description

The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. This issue affects IntelliSpace Portal: 12 and prior.

References (2)

Core 2

Core References

Various Sources

https://www.cve.org/CVERecord?id=CVE-2025-3425

Various Sources

https://www.philips.com/a-w/security/security-advisories.html#security_advisories

Scores

CVSS v4 7.3

EPSS 0.0028

EPSS Percentile 19.3%

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Green

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (1)

Philips/IntelliSpace Portal 12 and prior

Published Apr 07, 2025

Tracked Since Feb 18, 2026