CVE-2025-15610
Received
Received - Intake
Deserialization Object Injection in OpenText RightFax Allows Code Execution
Vulnerability report for CVE-2025-15610, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-15
Last updated on: 2026-04-29
Assigner: OpenText
Description
Description
The .NET Remoting framework used by OpenText Fax (RightFax) includes known security vulnerabilities that could be exploited if the service is exposed in environments where the remoting ports are accessible.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opentext | rightfax | to 25.4 (exc) |
| opentext | rightfax | to 25.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |