PT-2025-49778 · Csla .Net · Csla .Net
Published: 2025-12-09 · Updated: 2025-12-09
CVE-2025-66631
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CSLA .NET versions prior to 6.0.0
Description
CSLA .NET is a framework for building business layers in applications. Versions 5.5.4 and below permit the use of WcfProxy, which utilizes the outdated NetDataContractSerializer (NDCS). This configuration creates a risk of remote code execution during deserialization. The issue is addressed in version 6.0.0.
Recommendations
Remove the WcfProxy in data portal configurations.
Exploit
Fix
RCE
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Csla .Net