Critical severityNVD Advisory· Published Aug 13, 2025· Updated Apr 15, 2026
CVE-2025-34153
CVE-2025-34153
Description
Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in Hyland.Core.Timers.dll. This endpoint deserializes untrusted input using the .NET BinaryFormatter, allowing attackers to execute arbitrary code under the context of NT AUTHORITY\SYSTEM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
5- community.hyland.com/resources/bulletins-and-notices/210540-security-update-hyland-timer-service-bulletin-ob2025-02nvd
- gist.github.com/VAMorales/32794cccc2195a935623a12ef32760dcnvd
- support.hyland.com/r/OnBase/WorkView/Foundation-24.1/WorkView/Installation/Upgrade-Considerations/Upgrading-to-OnBase-Version-Foundation-24.1nvd
- www.hyland.com/en/internal/onbase-unity-clientnvd
- www.vulncheck.com/advisories/hyland-onbase-net-remoting-tcp-channel-unauthenticated-rcenvd
News mentions
0No linked articles in our index yet.