External risk intelligence

OpenText RightFax admin control exposed through vulnerable .NET Remoting

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2025-15610

An external attacker can exploit OpenText RightFax to take full control of the server. This could allow them to steal sensitive stored fax documents and administrative credentials, leading to a complete system compromise.

2Halo Surface Signal

Deserialization

External exposure likelihood

Halo Surface Signal score for CVE-2025-15610

OpenText RightFax is an enterprise fax server typically deployed within internal network segments. While the vulnerability targets remoting ports that could be reached if misconfigured or exposed, these services are not designed to be public-facing, and general internet exposure is uncommon for this product type.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

A security issue exists in the .NET Remoting framework used by OpenText Fax (RightFax). If the service's remoting ports are accessible, this vulnerability could be exploited, potentially leading to significant compromise.

  • Allows unauthorized remote access.
  • Affects systems with exposed remoting ports.
  • Elevates the importance of secure network configurations.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending malicious serialized data to the .NET Remoting service, which is part of OpenText Fax, if it's exposed to the network. This could allow them to execute arbitrary code on the server with the privileges of the running service.

  • Exposed remoting ports are required.
  • Attacker sends serialized object.
  • No authentication needed.

Live Threat

Current exploitation, exposure, and threat context

Attackers may be drawn to this vulnerability if the .NET Remoting framework in OpenText Fax is exposed to networks where attackers can reach it, although this is generally uncommon for enterprise fax servers. The severity of the vulnerability suggests a high potential impact, but its practical exploitation depends heavily on the specific deployment and network configuration.

  • Not listed in KEV.
  • Exploit status is unknown.
  • Low internet exposure likelihood.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Teams should prioritize investigating and securing OpenText RightFax servers, particularly those potentially exposed to external networks. Focus on identifying instances where the .NET Remoting framework is accessible, as these are prime targets for exploitation.

  • Review network configurations for exposed remoting ports.
  • Isolate or disable affected services if exposed.
  • Monitor for unusual .NET Remoting activity.

Frequently asked questions

What is OpenText Fax (RightFax)?

OpenText Fax, also known as RightFax, is a business software solution for managing and sending faxes, allowing organizations to integrate faxing into their workflows.

What weakness does CVE-2025-15610 describe?

CVE-2025-15610 describes a .NET Remoting framework vulnerability in OpenText Fax, identified as CWE-502. This weakness involves the deserialization of untrusted data.

How can the .NET Remoting framework in OpenText Fax be exploited?

Exploitation requires exposed .NET Remoting ports, enabling an attacker to send malicious serialized data to achieve arbitrary code execution on the server.

What is the practical relevance of CVE-2025-15610?

While the vulnerability has critical severity, practical exploitation is unlikely as OpenText RightFax is typically an internal enterprise server, not usually exposed to the public internet.

What steps should be taken to address this vulnerability?

Review network configurations for any exposed .NET Remoting ports on OpenText RightFax servers, isolate or disable these services if found, and monitor for related suspicious activity.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified