CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-58384

CVSS 10.0v3.1pub. 2025-09-26upd. 2026-04-15

In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface.

🤖 AI Analysis
How it works

The vulnerability exploits the .NET Remoting mechanism in the WATCHDOC application's administrative interface. An attacker can send specially crafted malicious serialized data to the vulnerable endpoint. The .NET Remoting library deserializes this data without proper validation, allowing arbitrary code execution in the server's context. The lack of authentication requirement and network attack vector (AV:N, PR:N, UI:N) make the exploit exceptionally easy to perform.

Impact

An attacker can gain full control over the server — execute arbitrary code (RCE), access sensitive data, modify system configuration, or completely disable the service. The scope of impact extends beyond the attacked component (S:C), creating a risk of lateral movement in the network.

Mitigation & patch

DOXENSE WATCHDOC must be immediately updated to version 6.1.1.5332 or later. Patches and updates are available at https://update.doxense.com/. Until the patch is deployed, it is recommended to restrict access to the administrative interface only to trusted IP addresses through firewall or network segmentation.

Who is affected

DOXENSE WATCHDOC in all versions prior to 6.1.1.5332

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEDeserialization
CWE
References