CVE-2025-66631
published 2025-12-09CVE-2025-66631: CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of…
PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.56%
42.1th percentile
CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization. This vulnerability is fixed in version 6.0.0. To workaround this issue, remove the WcfProxy in data portal configurations.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cslanet | csla_net | < 6.0.0 | 6.0.0 |
| marimerllc | csla | < 6.0.0 | 6.0.0 |
| marimerllc | csla | >= 0 < 6.0.0 | 6.0.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect use of NetDataContractSerializer (NDCS) in WcfProxy deserialization paths within CSLA .NET data portal configurations, which is the vulnerable component enabling RCE ↗
- ·Vulnerable only when WcfProxy is enabled in data portal configurations; removing WcfProxy from data portal configurations mitigates the vulnerability ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.2HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)
osv·2025-12-08
CVE-2025-66631 [HIGH] Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)
### Impact
Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer (NDCS) which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or upgrade to CSLA 6 or higher where this issue does not exist.
### Patches
CSLA .NET version 6 and higher do not use WCF or NetDataContractSerializer.
### Workarounds
If you are using a version CSLA .NET older than version 6, you should stop using WcfProxy in your data portal configuration. Doing this avoids the use of WCF and the NetDataContractSerializer, avoiding the vulnerability.
GHSA
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)
ghsa·2025-12-08
CVE-2025-66631 [HIGH] CWE-502 Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)
### Impact
Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer (NDCS) which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or upgrade to CSLA 6 or higher where this issue does not exist.
### Patches
CSLA .NET version 6 and higher do not use WCF or NetDataContractSerializer.
### Workarounds
If you are using a version CSLA .NET older than version 6, you should stop using WcfProxy in your data portal configuration. Doing this avoids the use of WCF and the NetDataContractSerializer, avoiding the vulnerability.
No detection rules found.
No public exploits indexed.
2025-12-09
Published