Entrust Instant Financial Issuance (IFI) Unauthenticated .NET Remoting Exposure

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled by default. The service registers a TCP remoting channel with SOAP and binary formatters configured at TypeFilterLevel=Full and exposes default ObjectURI endpoints. A remote, unauthenticated attacker who can reach the remoting port can invoke the exposed remoting objects to read arbitrary files from the server and coerce outbound authentication, and may achieve arbitrary file write and remote code execution via known .NET Remoting exploitation techniques. This can lead to disclosure of sensitive installation and service-account data and compromise of the affected host.

AI Analysis

Unauthenticated .NET Remoting Exposure in Entrust Instant Financial Issuance (IFI) allowing remote file read, authentication coercion, and potential arbitrary file write and code execution

Basic Information

ID CVE-2025-34414

Source VulnCheck

Published Dec 9, 2025 at 18:11

Modified Dec 9, 2025 at 19:19

Affected Product

Vendor Entrust Corporation

Product Instant Financial Issuance (IF)

Version 5.x, 6.0, 6.10.x prior to 6.10.5, 6.11.x prior to 6.11.1

Affected Versions Entrust Corporation Instant Financial Issuance (IF) 5.x
Entrust Corporation Instant Financial Issuance (IF) 6.0
Entrust Corporation Instant Financial Issuance (IF) 6.0

CWE Classification

CWE-502 CWE-306

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Entrust Corporation

Product Instant Financial Issuance (IFI)

Version 5.x, 6.0, 6.10.x prior to 6.10.5, 6.11.x prior to 6.11.1

References

{
    "lastseen": "",
    "description": "Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled by default. The service registers a TCP remoting channel with SOAP and binary formatters configured at TypeFilterLevel=Full and exposes default ObjectURI endpoints. A remote, unauthenticated attacker who can reach the remoting port can invoke the exposed remoting objects to read arbitrary files from the server and coerce outbound authentication, and may achieve arbitrary file write and remote code execution via known .NET Remoting exploitation techniques. This can lead to disclosure of sensitive installation and service-account data and compromise of the affected host.",
    "published": "2025-12-09T18:11:47.731Z",
    "modified": "2025-12-09T19:19:08.112Z",
    "type": "cve",
    "title": "Entrust Instant Financial Issuance (IFI) Unauthenticated .NET Remoting Exposure",
    "source": "VulnCheck",
    "references": "https://www.entrust.com/products/issuance-systems/instant/financial-card\nhttps://www.entrust.com/knowledgebase\nhttps://www.vulncheck.com/advisories/entrust-ifi-legacy-remoting-unauthenticated-net-remoting-exposure",
    "id": "CVE-2025-34414",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Entrust Corporation Instant Financial Issuance (IF) 5.x\nEntrust Corporation Instant Financial Issuance (IF) 6.0\nEntrust Corporation Instant Financial Issuance (IF) 6.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Instant Financial Issuance (IF)",
    "version": "5.x, 6.0, 6.10.x prior to 6.10.5, 6.11.x prior to 6.11.1",
    "vendor": "Entrust Corporation",
    "ai_description": "Unauthenticated .NET Remoting Exposure in Entrust Instant Financial Issuance (IFI) allowing remote file read, authentication coercion, and potential arbitrary file write and code execution",
    "ai_severity": "Critical",
    "ai_vendor": "Entrust Corporation",
    "ai_product": "Instant Financial Issuance (IFI)",
    "ai_version": "5.x, 6.0, 6.10.x prior to 6.10.5, 6.11.x prior to 6.11.1",
    "ai_score": 9.3
}

Entrust Instant Financial Issuance (IFI) Unauthenticated .NET Remoting Exposure_CVE-2025-34414