CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3426 – Use of default hardcoded credentials
https://notcve.org/view.php?id=CVE-2025-3426
07 Apr 2025 — We observed that Intellispace Portal binaries doesn’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities. Utilizing this flaw, the attacker... • https://www.cve.org/CVERecord?id=CVE-2025-3426 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3425 – Unauthenticated Remote Code Execution via .NET Deserialization
https://notcve.org/view.php?id=CVE-2025-3425
07 Apr 2025 — The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. This issue affects IntelliSpace Portal: 12 and prior. • https://www.cve.org/CVERecord?id=CVE-2025-3425 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3424 – 3.2.1 Arbitrary File Read in insecure .NET Remoting TCP Channel
https://notcve.org/view.php?id=CVE-2025-3424
07 Apr 2025 — The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files. This issue affects IntelliSpace Portal: 12 and prior. The IntelliSpace portal application utilizes .NET Remoting for i... • https://www.cve.org/CVERecord?id=CVE-2025-3424 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •