CVE-2025-58384 (CVSS 10): Critical RCE Flaw Found in Watchdoc Print Management Software
Ddos 
Doxense has issued an urgent security advisory addressing a critical remote code execution (RCE) vulnerability in its Watchdoc print management solution. The flaw, tracked as CVE-2025-58384, carries a CVSS score of 10, the maximum severity rating.
The advisory warns: “Vulnerability affecting Watchdoc versions lower than 6.1.1 allowing arbitrary remote code execution (RCE) in an unauthenticated and remote manner. It is possible to perform remote code execution using an unauthenticated API call.”
In practical terms, this means an attacker can execute arbitrary code on a vulnerable Watchdoc print server without needing credentials—effectively taking control of the environment.
Exploitation could have severe consequences for organizations relying on Watchdoc. According to Doxense, “Code execution on the print server… at minimum allows compromising all printers (confidentiality breach) and retrieving the Active Directory account used by the print server.”
This access could allow attackers to pivot deeper into enterprise networks, harvest credentials, and launch further attacks.
Doxense strongly recommends immediate remediation. The advisory outlines two key steps:
- Mitigation – Restrict access to the vulnerable port:
“Mitigation: close remote access to port 5744 exposed by Watchdoc. For architectures with a remote IIS server, restrict access to this port to the remote IIS server.” By default, Watchdoc’s firewall rule allows all incoming connections, making this adjustment critical until patches are applied. - Remediation – Upgrade to the patched version:
“Remediation: update to Watchdoc 6.1.1.” Customers should also review firewall settings to ensure only ports 5754 and 5753 are accessible externally, or properly configure exceptions if using a remote IIS server.
Related Posts:
- Windows 11 Printing Problems: Microsoft Confirms Spontaneous Printing Bug
- Secure Your Print Jobs: Microsoft Rolls Out Universal Print Anywhere for Everyone
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
