Warning: Critical Deserialization of Untrusted Data vulnerability in Doxense Watchdoc that can lead to Remote Code Execution, Patch Immediately!

Published: 29/09/2025

 

    * Last update: 29/09/2025
    * Affected software: Doxense Watchdoc, all versions prior to 6.1.1.5332
    * Type: CWE-502: Deserialization of Untrusted Data
    * CVE/CVSS: CVE-2025-58384: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

 

Sources

Doxense https://doc.doxense.com/Watchdoc/J_Securite/cve-2025-58384.htm
 

Risks

Watchdoc is a software suite developed by Doxense to manage printing and scanning operations across various types of businesses and public sector entities.

A critical Deserialization-of-Untrusted-Data vulnerability (CVE-2025-58384) has been discovered in Doxense Watchdoc. It affects all Doxense Watchdoc versions up to and including 6.1.1.5332.

This low-complexity vulnerability poses a very significant risk. A threat actor can exploit it to cause a network-wide attack that can lead to remote code execution on the print server. Because no privileges or user interaction are required and the scope is changed, the vulnerability is highly attractive to attackers.

Exploiting CVE-2025-58384 has a high impact on all three aspects of the CIA triad (Confidentiality, Integrity, Availability).
As of 2025-09-29 there is no publicly available proof-of-concept, nor any evidence of this vulnerability being exploited in the wild.

Description

An unauthenticated threat actor can exploit CVE-2025-58384 to use API calls and execute code remotely. This could allow the attacker to compromise the whole system and all printers in the network. The attacker could also exploit this vulnerability to retrieve a list of Active Directory accounts that used/accessed the printer server. This vulnerability originates from a bug in the .NET Remoting library in the Watchdoc administration interface.

Recommended Actions

 
Patch  
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

The Centre for Cybersecurity Belgium advises updating to Watchdoc version 6.1.1 or later and following the mitigation procedure in the official Doxense advisory.

Monitor/Detect 

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
 
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
 
 

References

NVD https://nvd.nist.gov/vuln/detail/CVE-2025-58384