Hyland Security Updates 2025
OnBase Clients:
Read below for important security information provided by Hyland regarding the OnBase platform. The Initium SoftWorks support team is available to assist with these updates as recommended in the Bulletins. You can create a ticket on the Support Portal link in the top right corner of this webpage and we will assist as soon as possible.
Security update: OnBase Application Server (Bulletin OB2025-01)
Hyland’s internal security teams recently identified a vulnerability in OnBase impacting the OnBase Application Server. This issue has been categorized as critical for all active service releases of OnBase.
Versions 8.0 to 24.1.15 of the OnBase Application Server are affected by this vulnerability. Other versions or modules are either past their active servicing life cycle or are not affected.
The Hyland Engineering team has taken necessary steps to mitigate the vulnerability, and our teams are actively working to mitigate the vulnerability within all Hyland Cloud environments. We strongly recommend all other impacted customers review the following security bulletin and take the necessary actions as soon as possible.
For more information and guidance, download the security bulletin. Contact your first line of support with additional questions.
Follow this bulletin and the Technical and Security Bulletins Community page for additional updates on this and future potential security notifications.
Security update: Hyland Timer Service (Bulletin OB2025-02)
A security vulnerability was recently identified and reported to Hyland regarding OnBase impacting the Hyland Timer Service (Hyland.Core.Timers.NTService.exe) also known as WorkView Timer Service. We have received and verified the security issue, which has been categorized as critical for all active service releases of OnBase.
All versions (6.0 to 23.1.23) of Hyland Timer Service (aka WorkView Timer Service) are affected by this vulnerability. Other versions or modules are either past their active servicing life cycle or are not affected.
The Hyland Engineering team has taken necessary steps to mitigate the vulnerability, and our teams are actively working to mitigate the vulnerability within all Hyland Cloud environments. We strongly recommend all other impacted customers review the following security bulletin and take the necessary actions as soon as possible.
For more information and guidance, download the security bulletin. Contact your first line of support with additional questions.
Follow this bulletin and the Technical and Security Bulletins Community page for additional updates on this and future potential security notifications.
Security update: Hyland Diagnostics Service (Bulletin OB2025-04)
Hyland’s internal security teams recently identified a vulnerability in OnBase impacting the Hyland Diagnostics Service of the Hyland Diagnostics Components. This issue has been categorized as critical for all active service releases of OnBase.
Versions 6.0 to 18.0.x of the Hyland Diagnostics Service are affected by this vulnerability. Versions Foundation EP1 through 24.1.x are not affected. Please note the affected versions listed above have not been in an active servicing state for four or more years. If unable to apply the workarounds outlined within the security bulletin, Hyland strongly recommends upgrading to an in-service release as soon as possible.
The Hyland Engineering team has taken necessary steps to mitigate the vulnerability, and our teams are actively working to mitigate the vulnerability within all Hyland Cloud environments. We strongly recommend all other impacted customers review the following security bulletin and take the necessary actions as soon as possible.
For more information and guidance, download the security bulletin. Contact your first line of support with additional questions.
Follow this bulletin and the Technical and Security Bulletins Community page for additional updates on this and future potential security notifications.