CVE-2025-66631
published 2025-12-09


Priority: P264
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.56% (42.1st percentile)
CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization. This vulnerability is fixed in version 6.0.0. To work around this issue, remove WcfProxy from data portal configurations.

Affected

3 ranges

Vendor       Product    Version range      Fixed in
cslanet      csla_net   < 6.0.0            6.0.0
marimerllc   csla       < 6.0.0            6.0.0
marimerllc   csla       >= 0, < 6.0.0      6.0.0

Detection & IOCs (extracted from sources)

  • Detect use of NetDataContractSerializer (NDCS) in WcfProxy deserialization paths within CSLA .NET data portal configurations; this is the vulnerable component that enables RCE
  • Vulnerable only when WcfProxy is enabled in data portal configurations; removing WcfProxy from data portal configurations mitigates the vulnerability

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v4.0: 7.2 HIGH
  CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X