Auth bypass in Entrust Corporation Instant Financial Issuance (If)
CVE-2025-34414
Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled…
Vulnerability class: Broken Authentication
EPSS: 0.007 (47.5th percentile) — read the EPSS interpretation.
Affected products
- Entrust Corporation Instant Financial Issuance (If) — versions 5.0, 6.0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)