Description
The .NET Remoting framework used by OpenText Fax (RightFax) includes known security vulnerabilities that could be exploited if the service is exposed in environments where the remoting ports are accessible.
Published: 2026-04-15
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves the .NET Remoting framework used by OpenText RightFax. If the service is exposed in an environment where the remoting ports are reachable, an attacker can exploit known weaknesses in the framework. The flaw allows the injection of malicious objects during deserialization, enabling arbitrary code execution within the application and potentially full compromise of the underlying operating system.

Affected Systems

The issue affects OpenText RightFax software. Users should consult OpenText for a patched version that resolves the deserialization flaw.

Risk and Exploitability

The CVSS score of 9.3 indicates a high severity vulnerability. The EPSS score of < 1% suggests that the exploitation probability is presently low, though not zero. The flaw is not listed in CISA's KEV catalog. The attack vector is inferred to be remote, most likely via the exposed remoting ports. If the RightFax server is exposed to untrusted networks, an attacker could leverage this weakness to achieve remote code execution before a patch is applied.

Generated by OpenCVE AI on April 30, 2026 at 14:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch for RightFax that addresses the deserialization flaw when it becomes available.
  • If an upgrade is not immediately possible, disable or restrict any public-facing functionalities that accept external data, such as remote fax submission interfaces, and remove any unnecessary network services.
  • Implement network segmentation and firewall rules to restrict inbound connections to the RightFax server, allowing access only from trusted hosts.
  • Validate all inputs to the application and employ whitelisting for acceptable object types to prevent unchecked deserialization.

Generated by OpenCVE AI on April 30, 2026 at 14:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Deserialization of Untrusted Data Allows Object Injection in OpenText RightFax

Wed, 29 Apr 2026 22:15:00 +0000

Type Values Removed Values Added
Description Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4. The .NET Remoting framework used by OpenText Fax (RightFax) includes known security vulnerabilities that could be exploited if the service is exposed in environments where the remoting ports are accessible.

Thu, 16 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
Title Deserialization of Untrusted Data Allows Object Injection in OpenText RightFax

Wed, 15 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Opentext
Opentext rightfax
Vendors & Products Opentext
Opentext rightfax

Wed, 15 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 15 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Description Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4.
Weaknesses CWE-502
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Opentext Rightfax
cve-icon MITRE

Status: PUBLISHED

Assigner: OpenText

Published:

Updated: 2026-04-29T22:07:10.628Z

Reserved: 2026-03-16T14:20:32.991Z

Link: CVE-2025-15610

cve-icon Vulnrichment

Updated: 2026-04-15T17:32:25.478Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-15T17:17:00.020

Modified: 2026-04-29T22:16:20.340

Link: CVE-2025-15610

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T14:15:40Z

Weaknesses