10

CVE-2025-34153

Exploit

Hyland OnBase < 17.0.2.87 .NET Remoting TCP Channel Unauthenticated RCE

Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in Hyland.Core.Timers.dll. This endpoint deserializes untrusted input using the .NET BinaryFormatter, allowing attackers to execute arbitrary code under the context of NT AUTHORITY\SYSTEM.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerHyland Software
Produkt OnBase
Default Statusunaffected
Version 0
Version < 17.0.2.87
Status affected
Version 24.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.61% 0.444
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
disclosure@vulncheck.com 10 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://gist.github.com/VAMorales/32794cccc2195a935623a12ef32760dc
https://www.hyland.com/en/internal/onbase-unity-client
https://support.hyland.com/r/OnBase/WorkView/Foundation-24.1/WorkView/Installation/Upgrade-Considerations/Upgrading-to-OnBase-Version-Foundation-24.1
https://www.vulncheck.com/advisories/hyland-onbase-net-remoting-tcp-channel-unauthenticated-rce
https://community.hyland.com/resources/bulletins-and-notices/210540-security-update-hyland-timer-service-bulletin-ob2025-02