CVE-2025-3425

IntelliSpace Portal <12 - Deserialization

Title source: llm

Description

The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. This issue affects IntelliSpace Portal: 12 and prior.

References (2)

[Various Sources] https://www.cve.org/CVERecord?id=CVE-2025-3425

[Various Sources] https://www.philips.com/a-w/security/security-advisories.html#security_advisories

Scores

EPSS 0.0336

EPSS Percentile 87.2%

Classification

CWE

CWE-502

Status draft

Timeline

Published Apr 07, 2025

Tracked Since Feb 18, 2026