关键漏洞信息 CVE ID: CVE-2025-3425 发布日期: 2025-04-07 更新日期: 2025-04-07 标题: Unauthenticated Remote Code Execution Via .NET Deserialization 描述: - IntelliSpace portal application uses .NET Remoting for its functionality. - Vulnerability arises from exploitation of port 755 through deserialization vulnerability. - Server had set the TypeFilterLevel to Full, which can lead to remote code execution using deserialization. - Affects IntelliSpace Portal: 12 and prior. CWE: CWE-502: Deserialization of Untrusted Data CVSS: - Score: 7.3 - Severity: HIGH - Version: 4.0 - Vector String: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N 受影响产品: - Vendor: Philips - Product: IntelliSpace Portal - Affected Versions: 12 and prior 发现者: - Victor A Morales - Omar A Crespo 参考链接: - https://www.cve.org/CVERecord?id=CVE-2025-3425