{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T09:43:39.687","vulnerabilities":[{"cve":{"id":"CVE-2025-3426","sourceIdentifier":"20705f08-db8b-4497-8f94-7eea62317651","published":"2025-04-07T17:15:40.073","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"We observed that Intellispace Portal binaries doesn’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities.\nUtilizing this flaw, the attacker was able to identify the Hardcoded credentials from PortalUsersDatabase.dll, which contains .NET remoting definition. Inside the namespace PortalUsersDatabase, the class Users contains the functions CreateAdmin and CreateService that are used to initialize accounts in the Portal service. Both CreateAdmin and CreateService functions contain a hardcoded encrypted password along with its respective salt that are set with the function SetInitialPasswordAndSalt.\nThis issue affects IntelliSpace Portal: 12 and prior; Advanced Visualization Workspace: 15."},{"lang":"es","value":"Observamos que los binarios de Intellispace Portal carecen de mecanismos de protección para evitar la ingeniería inversa. En concreto, el código de la aplicación no está ofuscado y no existen medidas de protección contra la descompilación, el desensamblado ni la depuración. Como resultado, los atacantes pueden aplicar ingeniería inversa a la aplicación para obtener información sobre su funcionamiento interno, lo que podría conducir al descubrimiento de información confidencial, fallos de lógica de negocio y otras vulnerabilidades. Aprovechando esta vulnerabilidad, el atacante pudo identificar las credenciales codificadas de PortalUsersDatabase.dll, que contiene la definición de comunicación remota .NET. Dentro del espacio de nombres PortalUsersDatabase, la clase Users contiene las funciones CreateAdmin y CreateService, que se utilizan para inicializar cuentas en el servicio Portal. Ambas funciones, CreateAdmin y CreateService, contienen una contraseña cifrada codificada junto con su respectiva sal, que se configura con la función SetInitialPasswordAndSalt. Este problema afecta a IntelliSpace Portal: versión 12 y anteriores; Advanced Visualization Workspace: versión 15."}],"metrics":{"cvssMetricV40":[{"source":"20705f08-db8b-4497-8f94-7eea62317651","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Green","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}]},"weaknesses":[{"source":"20705f08-db8b-4497-8f94-7eea62317651","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://www.cve.org/CVERecord?id=CVE-2025-3426","source":"20705f08-db8b-4497-8f94-7eea62317651"},{"url":"https://www.philips.com/a-w/security/security-advisories.html#security_advisories","source":"20705f08-db8b-4497-8f94-7eea62317651"}]}}]}