First published: Mon Apr 07 2025
We observed that IntelliSpace Portal binaries do not have any protection mechanisms to prevent reverse engineering. Specifically, the app's code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities. Using this flaw, the attacker was able to identify hardcoded credentials in PortalUsersDatabase.dll, which contains the .NET remoting definition. Inside the namespace PortalUsersDatabase, the class Users contains the functions CreateAdmin and CreateService, which are used to initialize accounts in the Portal service. Both CreateAdmin and CreateService contain a hardcoded encrypted password along with its respective salt, which are set with the function SetInitialPasswordAndSalt. This issue affects IntelliSpace Portal: 12 and prior; Advanced Visualization Workspace: 15.
Credit: 20705f08-db8b-4497-8f94-7eea62317651
Affected Software | Affected Version | How to fix |
---|---|---|
Philips IntelliSpace Portal | <12 | |
Philips Advanced Visualization Workspace | <15 | |
CVE-2025-3426 is categorized as a high-severity vulnerability due to the lack of protections against reverse engineering.
To mitigate CVE-2025-3426, implement code obfuscation and establish protections against decompilation and debugging in your applications.
CVE-2025-3426 affects Philips IntelliSpace Portal up to version 12 and Philips Advanced Visualization Workspace up to version 15.
The primary risk of CVE-2025-3426 is that attackers can easily reverse engineer the software, potentially exposing sensitive data or intellectual property.
As of now, there is no official patch available for CVE-2025-3426, so implementing recommended mitigations is crucial.
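
An added illustration, not code from the advisory or from Philips: a Python sketch contrasting an initial account whose salt and password verifier are constants in the shipped binary (the pattern the description reports for CreateAdmin and CreateService) with one provisioned per installation. All function names, the PBKDF2 parameters and the sample constants are assumptions constructed for the example; the advisory does not state which algorithm the product uses.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for the deployment

def derive(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 verifier for a password under a given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed stand-ins for a salt and password verifier compiled into a binary.
SHIPPED_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SHIPPED_HASH = derive("constructed-default", SHIPPED_SALT)

def create_account_shipped(name: str) -> dict:
    """Weak pattern: every installation starts from the same salt and verifier."""
    return {"name": name, "salt": SHIPPED_SALT, "hash": SHIPPED_HASH,
            "must_change": False}

def create_account_provisioned(name: str) -> tuple[dict, str]:
    """Hardened pattern: secret and salt are generated on the host at install."""
    password = secrets.token_urlsafe(24)
    salt = secrets.token_bytes(16)
    record = {"name": name, "salt": salt, "hash": derive(password, salt),
              "must_change": True}
    return record, password  # shown once to the installer, never written to disk

def verify(record: dict, password: str) -> bool:
    """Constant-time comparison of the derived verifier."""
    return hmac.compare_digest(derive(password, record["salt"]), record["hash"])

def change_password(record: dict, old: str, new: str) -> bool:
    """Rotate the initial secret: fresh salt, and clear the must-change flag."""
    if not verify(record, old) or old == new:
        return False
    record["salt"] = secrets.token_bytes(16)
    record["hash"] = derive(new, record["salt"])
    record["must_change"] = False
    return True

if __name__ == "__main__":
    a, b = create_account_shipped("admin"), create_account_shipped("admin")
    print("shipped verifier identical across installs:", a["hash"] == b["hash"])
    r1, p1 = create_account_provisioned("admin")
    r2, _ = create_account_provisioned("admin")
    print("provisioned verifier identical across installs:", r1["hash"] == r2["hash"])
    print("install 1 secret accepted on install 2:", verify(r2, p1))
```

With per-installation provisioning, constants recovered from the binary no longer correspond to any account on a deployed system, and the forced rotation limits the lifetime of the installer-visible secret.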