CVE-2025-34414: CWE-502 Deserialization of Untrusted Data in Entrust Corporation Instant Financial Issuance (IF)
CVE-2025-34414 is a critical deserialization vulnerability in Entrust Corporation's Instant Financial Issuance (IFI) On Premise software versions prior to 6.10.5 and 6.11.1. The vulnerability arises from an insecure .NET Remoting service enabled by default, exposing TCP remoting channels with full type filtering and default ObjectURI endpoints accessible over the network. An unauthenticated remote attacker can exploit this to read arbitrary files, coerce outbound authentication, and potentially achieve arbitrary file writes and remote code execution. This can lead to disclosure of sensitive installation and service account data and full system compromise. The CVSS 4.
AI Analysis
Technical Summary
CVE-2025-34414 is a critical vulnerability affecting Entrust Corporation's Instant Financial Issuance (IFI) On Premise software, versions 5.x prior to 6.10.5 and 6.11.1. The root cause is an insecure .NET Remoting exposure in the Legacy Remoting Service, which is enabled by default. This service registers a TCP remoting channel that uses SOAP and binary formatters configured with TypeFilterLevel=Full, allowing deserialization of untrusted data. The service exposes default ObjectURI endpoints such as logfile.rem, photo.rem, cwPhoto.rem, and reports.rem on a network-reachable port. Because the remoting channel is accessible without authentication and uses full type filtering, a remote attacker can invoke exposed remoting objects to perform unauthorized actions. Exploitation can lead to arbitrary file reads, enabling disclosure of sensitive files including installation and service account data. More critically, known .NET Remoting exploitation techniques can be leveraged to perform arbitrary file writes and achieve remote code execution on the affected server. This vulnerability is classified under CWE-502 (Deserialization of Untrusted Data) and CWE-306 (Missing Authentication for Critical Function). The vulnerability does not require any user interaction or prior authentication, making it highly exploitable. The CVSS 4.0 base score is 9.3, indicating a critical severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. Although no known exploits are reported in the wild yet, the vulnerability's characteristics suggest a high risk of exploitation once proof-of-concept code becomes available. The affected product is widely used in financial institutions for card issuance and related financial services, making the impact potentially severe.
Potential Impact
The impact of CVE-2025-34414 is severe for organizations using Entrust IFI On Premise software. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary code remotely without authentication. This can result in unauthorized access to sensitive financial data, service account credentials, and internal configuration files. The ability to read and write arbitrary files on the server can facilitate further lateral movement within the network and persistent access. For financial institutions, this could mean compromise of card issuance processes, leading to fraud, financial theft, and reputational damage. Additionally, attackers could disrupt service availability or manipulate financial data integrity. Given the critical nature of the affected systems in financial operations, the threat poses a significant risk to confidentiality, integrity, and availability of critical financial services globally.
Mitigation Recommendations
To mitigate CVE-2025-34414, organizations should immediately upgrade Entrust IFI On Premise software to versions 6.10.5 or later, or 6.11.1 or later, where the vulnerability is addressed. If immediate patching is not feasible, restrict network access to the remoting service port by implementing strict firewall rules to allow only trusted management hosts. Disable the Legacy Remoting Service if it is not required for operational purposes. Employ network segmentation to isolate the affected servers from untrusted networks. Monitor network traffic for unusual connections to the remoting port and implement intrusion detection/prevention systems with signatures targeting .NET Remoting exploitation attempts. Conduct thorough audits of affected systems for signs of compromise. Additionally, review and harden service account permissions to limit potential damage from credential exposure. Finally, coordinate with Entrust support for any vendor-specific mitigation guidance or hotfixes.
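As an added example (not from the advisory or from Entrust), the Python audit below checks a .NET Framework remoting configuration for the settings named in the Technical Summary: a TCP channel, formatters with TypeFilterLevel=Full, and the listed .rem ObjectURIs. It assumes the service is configured through the standard `<system.runtime.remoting>` config section; the sample config, port, and type names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# ObjectURI names listed in the advisory text (compared case-insensitively).
ADVISORY_URIS = {"logfile.rem", "photo.rem", "cwphoto.rem", "reports.rem"}

# Constructed sample in the standard .NET Framework remoting config schema.
# Port, type and assembly names are placeholders, not values from the product.
SAMPLE_CONFIG = """<configuration>
  <system.runtime.remoting>
    <application>
      <channels>
        <channel ref="tcp" port="9999">
          <serverProviders>
            <formatter ref="binary" typeFilterLevel="Full" />
            <formatter ref="soap" typeFilterLevel="Full" />
          </serverProviders>
        </channel>
      </channels>
      <service>
        <wellknown mode="Singleton" type="Example.LogFile, Example" objectUri="logfile.rem" />
        <wellknown mode="Singleton" type="Example.Reports, Example" objectUri="reports.rem" />
      </service>
    </application>
  </system.runtime.remoting>
</configuration>"""


def audit_remoting_config(xml_text):
    """Return (severity, message) findings for one .NET config file."""
    findings = []
    root = ET.fromstring(xml_text)
    for remoting in root.iter("system.runtime.remoting"):
        for channel in remoting.iter("channel"):
            port = channel.get("port")
            secure = channel.get("secure", "false").lower() == "true"
            # A channel with a port listens for inbound remoting calls.
            if channel.get("ref", "").lower() == "tcp" and port and not secure:
                findings.append(("high", f"tcp channel listens on port {port} without secure=true"))
            for fmt in channel.iter("formatter"):
                # The framework default is Low; Full lifts the type restrictions.
                if fmt.get("typeFilterLevel", "Low").lower() == "full":
                    findings.append(("critical", f"{fmt.get('ref')} formatter: typeFilterLevel=Full"))
        for wk in remoting.iter("wellknown"):
            uri = wk.get("objectUri", "")
            if uri.lower() in ADVISORY_URIS:
                findings.append(("info", f"advisory ObjectURI registered: {uri}"))
    return findings
```

Remoting channels can also be registered in code rather than in a config file, so an empty result from this audit does not show that no remoting endpoint is exposed.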
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, Singapore, Switzerland, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.599Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 693867e174ebaa3babaf6f2a
Added to database: 12/9/2025, 6:18:09 PM
Last enriched: 3/24/2026, 12:30:17 AM
Last updated: 3/24/2026, 5:29:09 AM