
CVE-2025-34414: CWE-502 Deserialization of Untrusted Data in Entrust Corporation Instant Financial Issuance (IF)

Critical
Vulnerability, CVE-2025-34414; tags: cve, cve-2025-34414, cwe-502, cwe-306
Published: Tue Dec 09 2025 (12/09/2025, 18:11:47 UTC)
Source: CVE Database V5
Vendor/Project: Entrust Corporation
Product: Instant Financial Issuance (IF)

Description

CVE-2025-34414 is a critical deserialization vulnerability in Entrust Corporation's Instant Financial Issuance (IFI) On Premise software versions 5.x and 6.0 prior to 6.10.5/6.11.1. The flaw arises from an insecure .NET Remoting Legacy Remoting Service enabled by default, exposing network-accessible endpoints with full TypeFilterLevel deserialization. An unauthenticated remote attacker can exploit this to read arbitrary files, coerce outbound authentication, and potentially achieve arbitrary file write and remote code execution.

AI-Powered Analysis

Last updated: 01/22/2026, 21:42:27 UTC

Technical Analysis

CVE-2025-34414 is a critical vulnerability affecting Entrust Corporation's Instant Financial Issuance (IFI) On Premise software, specifically versions 5.x and 6.0 prior to 6.10.5 and 6.11.1. The vulnerability stems from an insecure configuration of the Legacy Remoting Service, which uses .NET Remoting technology with SOAP and binary formatters set to TypeFilterLevel=Full. This setting allows deserialization of untrusted data, a well-known security risk categorized under CWE-502. The service exposes default ObjectURI endpoints such as logfile.rem, photo.rem, cwPhoto.rem, and reports.rem on a network-reachable TCP port. Because the remoting service is enabled by default and accessible without authentication, a remote attacker can invoke these endpoints to perform unauthorized actions. Exploitation can lead to arbitrary file reads, allowing attackers to access sensitive installation files and service account credentials. More critically, attackers can leverage known .NET Remoting exploitation techniques to write arbitrary files and execute remote code on the affected server. This results in full compromise of the host, including potential lateral movement within the network. The vulnerability requires no authentication or user interaction and has a CVSS 4.0 score of 9.3, indicating critical severity. Although no known exploits are currently reported in the wild, the ease of exploitation and impact necessitate urgent remediation. The vulnerability also relates to CWE-306 (Missing Authentication for Critical Function), highlighting the lack of access controls on the remoting service. Given Entrust IFI's role in financial card issuance, exploitation could disrupt financial operations and expose sensitive customer data.
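
The configuration weakness described above can be checked for on a host. The following is an added example, not Entrust's code or configuration: it audits a .NET Remoting configuration document for server formatters at typeFilterLevel Full, channels without secure="true", and registered ObjectURIs. The sample XML, type names and port are constructed, and the layout of the product's real configuration file is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the standard .NET Remoting config schema. Type names and
# the port are placeholders; this is not the product's actual configuration file.
SAMPLE_CONFIG = """<configuration><system.runtime.remoting><application>
  <service>
    <wellknown mode="SingleCall" type="Example.Logs, Example" objectUri="logfile.rem"/>
    <wellknown mode="SingleCall" type="Example.Photo, Example" objectUri="photo.rem"/>
  </service>
  <channels>
    <channel ref="tcp" port="12345">
      <serverProviders>
        <formatter ref="soap" typeFilterLevel="Full"/>
        <formatter ref="binary" typeFilterLevel="Full"/>
      </serverProviders>
    </channel>
  </channels>
</application></system.runtime.remoting></configuration>"""


def audit_remoting_config(xml_text):
    """Return (finding, detail) tuples for one .NET Remoting config document."""
    root = ET.fromstring(xml_text)
    findings = []
    for channel in root.iter("channel"):
        label = f"{channel.get('ref', '?')}:{channel.get('port', '?')}"
        # A tcp channel authenticates callers only when secure="true" (CWE-306).
        if channel.get("secure", "false").lower() != "true":
            findings.append(("channel-no-auth", label))
        for fmt in channel.findall("serverProviders/formatter"):
            # The framework default is Low; Full lifts the deserialization type filter.
            if fmt.get("typeFilterLevel", "Low").lower() == "full":
                findings.append(("typefilterlevel-full", f"{fmt.get('ref', '?')} on {label}"))
    for wellknown in root.iter("wellknown"):
        uri = wellknown.get("objectUri")  # client-side entries use url= instead
        if uri:
            findings.append(("exposed-object-uri", uri))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_remoting_config(SAMPLE_CONFIG):
        print(f"{finding}: {detail}")
```
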

Potential Impact

For European organizations, especially financial institutions and payment service providers using Entrust IFI On Premise software, this vulnerability poses a severe risk. Successful exploitation can lead to unauthorized disclosure of sensitive data such as service account credentials and installation details, undermining confidentiality. The ability to execute arbitrary code remotely compromises system integrity and availability, potentially causing operational disruptions in card issuance processes. This could result in financial losses, regulatory penalties under GDPR due to data breaches, and reputational damage. The lack of authentication and network exposure increases the likelihood of exploitation by external threat actors. Given the critical nature of financial infrastructure in Europe, attackers could leverage this vulnerability to conduct fraud, data theft, or persistent intrusions. The impact extends beyond the affected host to the broader network, enabling lateral movement and further compromise. Organizations may face significant remediation costs and operational downtime if exploited.

Mitigation Recommendations

1. Immediately upgrade Entrust IFI On Premise software to version 6.10.5 or later, where the vulnerability is patched.
2. If upgrading is not immediately possible, disable the Legacy Remoting Service or restrict its network exposure by firewalling the remoting TCP port to trusted management networks only.
3. Implement network segmentation to isolate Entrust IFI servers from general user and internet-facing networks, minimizing attack surface.
4. Monitor network traffic for unusual access patterns to the remoting endpoints (logfile.rem, photo.rem, cwPhoto.rem, reports.rem) and investigate anomalies.
5. Employ host-based intrusion detection systems to detect suspicious file access or code execution activities on Entrust IFI servers.
6. Review and rotate service account credentials and other sensitive data potentially exposed by the vulnerability.
7. Conduct thorough security audits and penetration testing focusing on deserialization and remoting services.
8. Educate IT and security teams about the risks of insecure .NET Remoting configurations and enforce secure coding and deployment practices for legacy services.
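
The monitoring in step 4 can be approximated with a payload match plus a source allowlist. The following is an added example, not vendor tooling: it assumes the ObjectURI is visible unencrypted in captured requests, and the trusted network, host name, port and sample records are constructed.

```python
import ipaddress
import re

ENDPOINTS = ("logfile.rem", "photo.rem", "cwPhoto.rem", "reports.rem")  # from the advisory
# Assumption: the management network allowed to reach the remoting port.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

_CANON = {e.lower(): e for e in ENDPOINTS}
# The lookbehind stops "photo.rem" from also matching inside "cwPhoto.rem".
_URI_RE = re.compile(r"(?<![a-z0-9])(" + "|".join(map(re.escape, _CANON)) + r")")

# Constructed (source IP, request bytes) records standing in for captured traffic.
SAMPLE_RECORDS = [
    ("10.20.0.15", b"\x01\x00tcp://ifi.example:12345/reports.rem"),
    ("192.0.2.44", b"\x01\x00tcp://ifi.example:12345/logfile.rem"),
    ("192.0.2.44", "tcp://ifi.example:12345/cwPhoto.rem".encode("utf-16-le")),
    ("192.0.2.44", b"unrelated bytes"),
]


def endpoints_in(payload):
    """Return the advisory ObjectURIs named in a payload (UTF-8 or UTF-16LE)."""
    # Dropping NUL bytes folds UTF-16LE ASCII text into the same form as UTF-8.
    text = payload.replace(b"\x00", b"").decode("latin-1").lower()
    return sorted({_CANON[m] for m in _URI_RE.findall(text)})


def untrusted_access(records, trusted=TRUSTED_NETS):
    """Map each source outside the trusted networks to the endpoints it requested."""
    alerts = {}
    for src, payload in records:
        hits = endpoints_in(payload)
        if not hits or any(ipaddress.ip_address(src) in net for net in trusted):
            continue
        alerts.setdefault(src, set()).update(hits)
    return {src: sorted(names) for src, names in alerts.items()}


if __name__ == "__main__":
    for src, names in untrusted_access(SAMPLE_RECORDS).items():
        print(f"ALERT {src} requested {', '.join(names)}")
```
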


Technical Details

Data Version: 5.2
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.599Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 693867e174ebaa3babaf6f2a

Added to database: 12/9/2025, 6:18:09 PM

Last enriched: 1/22/2026, 9:42:27 PM

Last updated: 2/4/2026, 7:37:19 PM
