CVE-2025-3426

EPSS 0.02%
Veröffentlicht 07.04.2025 16:23:00
Zuletzt bearbeitet 10.04.2025 16:15:29
Quelle 20705f08-db8b-4497-8f94-7eea62
CVE-Watchlists
Login
Unerledigt
Login

We observed that Intellispace Portal binaries doesn’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities.
Utilizing this flaw, the attacker was able to identify the Hardcoded credentials from PortalUsersDatabase.dll, which contains .NET remoting definition. Inside the namespace PortalUsersDatabase, the class Users contains the functions CreateAdmin and CreateService that are used to initialize accounts in the Portal service. Both CreateAdmin and CreateService functions contain a hardcoded encrypted password along with its respective salt that are set with the function SetInitialPasswordAndSalt.
This issue affects IntelliSpace Portal: 12 and prior; Advanced Visualization Workspace: 15.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerPhilips

≫

Produkt IntelliSpace Portal

Default Statusunaffected

Version 12 and prior

Status affected

HerstellerPhilips

≫

Produkt Advanced Visualization Workspace

Default Statusunaffected

Version 15

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
20705f08-db8b-4497-8f94-7eea62317651	7.2	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Green

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.cve.org/CVERecord?id=CVE-2025-3426

https://www.philips.com/a-w/security/security-advisories.html#security_advisories

https://nvd.nist.gov/vuln/detail/CVE-2025-3426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3426

EUVD