CVE-2025-66631
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-66631
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66631.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-66631
- Aliases
- Published
- 2025-12-09T03:18:37.698Z
- Modified
- 2025-12-09T19:46:22.568667Z
- Severity
-
- 7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- CSLA .NET is vulnerable to Remote Code Execution via WcfProxy
- Details
-
CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization. This vulnerability is fixed in version 6.0.0. To workaround this issue, remove the WcfProxy in data portal configurations.
- Database specific
{ "cwe_ids": [ "CWE-502" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66631.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66631.json
- https://github.com/MarimerLLC/csla/issues/4001
- https://github.com/MarimerLLC/csla/pull/4018
- https://github.com/MarimerLLC/csla/security/advisories/GHSA-wq34-7f4g-953v
- https://nvd.nist.gov/vuln/detail/CVE-2025-66631
Affected packages
Git / github.com/marimerllc/csla
Affected versions
4.*
4.5.500
4.5.501
4.5.681
4.5.700
Other
V1-51
V2-0-0
V2-0-begin
V2-1-4
V3-0-5
V4-0-0
V4-1-0
V4-2-0
V4-3-10
V4-5-10
V4-5-12
V4-5-13
V4-5-14
V4-5-15
V4-5-20
V4-5-begin
V4.*
V4.5.30
V4.5.40
v4.*
v4.5.600
v4.5.601
v4.6.001
v4.6.100
v4.6.200
v4.6.300
v4.6.400
v4.6.500
v4.6.600
v4.6.601
v4.6.602
v4.6.603
v4.7.100
v4.7.101
v4.7.200
v4.8.0
v4.8.1
v4.8.1.1
v4.9.0
v5.*
v5.0.0
v5.0.1
v5.1.0
v5.2.0
v5.3.0
v5.3.1
v5.3.2
v5.4.0