PT-2025-49778 · Csla .Net · Csla .Net
Published 2025-12-09 · Updated 2025-12-09
CVE-2025-66631
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CSLA .NET versions prior to 6.0.0
Description
CSLA .NET is a framework for building business layers in applications. Versions 5.5.4 and below permit the use of WcfProxy, which relies on the outdated NetDataContractSerializer (NDCS). This configuration creates a risk of remote code execution during deserialization. The issue is addressed in version 6.0.0.
Recommendations
Remove WcfProxy from data portal configurations.
Exploit
Fix
RCE
Deserialization of Untrusted Data
Affected Products
Csla .Net