CVE-2025-34153
Published 2025-08-13
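Priority: P2 (70) | Severity: critical | CVSS 4.0 score: 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X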
EPSS: 0.61% (44.7th percentile)
Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in Hyland.Core.Timers.dll. This endpoint deserializes untrusted input using the .NET BinaryFormatter, allowing attackers to execute arbitrary code under the context of NT AUTHORITY\SYSTEM.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hyland_software | onbase | < 17.0.2.87 | 17.0.2.87 |
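A triage check for the exposure described above, added here as an example and not taken from Hyland or the advisory sources. It compares an installed version against the fixed build numerically and looks for a listener on port 6031 in Windows `netstat -ano` output. The function names, status strings and the sample netstat text are assumptions constructed for illustration, and the version string is assumed to be supplied by the operator.

```python
FIXED = (17, 0, 2, 87)   # first fixed OnBase version, from the table above
TIMER_PORT = 6031        # .NET Remoting TCP listener named in the description
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed `netstat -ano` excerpt (Windows layout), not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:6031           0.0.0.0:0              LISTENING       4312
  TCP    10.0.5.20:6031         10.0.5.77:50122        ESTABLISHED     4312
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

def parse_version(text):
    """'17.0.2.9' -> (17, 0, 2, 9); numeric, because as strings '17.0.2.9' > '17.0.2.87'."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (len(FIXED) - len(nums))  # pad short forms such as '17.0.2'

def timer_listeners(netstat_text):
    """Return the bind addresses that have TCP port 6031 in LISTENING state."""
    binds = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, port = fields[1].rsplit(":", 1)  # rsplit keeps '[::]' intact
            if int(port) == TIMER_PORT:
                binds.add(addr)
    return binds

def triage(version_text, netstat_text):
    """Classify one host from its version string and netstat output."""
    vulnerable = parse_version(version_text) < FIXED
    exposed = bool(timer_listeners(netstat_text) - LOOPBACK)
    if vulnerable:
        return "vulnerable-exposed" if exposed else "vulnerable-not-exposed"
    # The advisory says other versions may be affected, so a network-reachable
    # listener on a fixed build is still reported for firewall review.
    return "fixed-listener-exposed" if exposed else "fixed"

if __name__ == "__main__":
    for version in ("17.0.2.9", "17.0.2.87"):
        print(version, "->", triage(version, SAMPLE_NETSTAT))
```
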
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://community.hyland.com/resources/bulletins-and-notices/210540-security-update-hyland-timer-service-bulletin-ob2025-02
https://gist.github.com/VAMorales/32794cccc2195a935623a12ef32760dc
https://support.hyland.com/r/OnBase/WorkView/Foundation-24.1/WorkView/Installation/Upgrade-Considerations/Upgrading-to-OnBase-Version-Foundation-24.1
https://www.hyland.com/en/internal/onbase-unity-client
https://www.vulncheck.com/advisories/hyland-onbase-net-remoting-tcp-channel-unauthenticated-rce