Vulnerability-Lookup

GHSA-WQ34-7F4G-953V

Vulnerability from github – Published: 2025-12-08 22:15 – Updated: 2025-12-09 19:17

Summary

Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)

Details

Impact

Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer (NDCS) which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or upgrade to CSLA 6 or higher where this issue does not exist.

Patches

CSLA .NET version 6 and higher do not use WCF or NetDataContractSerializer.

Workarounds

If you are using a version CSLA .NET older than version 6, you should stop using WcfProxy in your data portal configuration. Doing this avoids the use of WCF and the NetDataContractSerializer, avoiding the vulnerability.

Severity

7.2 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Csla"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66631"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-08T22:15:56Z",
    "nvd_published_at": "2025-12-09T16:18:22Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nVersions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer (NDCS) which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or upgrade to CSLA 6 or higher where this issue does not exist.\n\n### Patches\nCSLA .NET version 6 and higher do not use WCF or NetDataContractSerializer.\n\n### Workarounds\nIf you are using a version CSLA .NET older than version 6, you should stop using WcfProxy in your data portal configuration. Doing this avoids the use of WCF and the NetDataContractSerializer, avoiding the vulnerability.",
  "id": "GHSA-wq34-7f4g-953v",
  "modified": "2025-12-09T19:17:25Z",
  "published": "2025-12-08T22:15:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MarimerLLC/csla/security/advisories/GHSA-wq34-7f4g-953v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66631"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MarimerLLC/csla/issues/4001"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MarimerLLC/csla/pull/4018"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MarimerLLC/csla"
    },
    {
      "type": "WEB",
      "url": "https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca2310"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)"
}

CVE-2025-66631 (GCVE-0-2025-66631)

Vulnerability from cvelistv5 – Published: 2025-12-09 03:18 – Updated: 2025-12-09 15:15

Title

CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

Summary

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization. This vulnerability is fixed in version 6.0.0. To workaround this issue, remove the WcfProxy in data portal configurations.

Severity

7.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/MarimerLLC/csla/security/advis…	x_refsource_CONFIRM
https://github.com/MarimerLLC/csla/issues/4001	x_refsource_MISC
https://github.com/MarimerLLC/csla/pull/4018	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
MarimerLLC	csla	Affected: < 6.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66631",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T15:15:00.371059Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T15:15:06.460Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "csla",
          "vendor": "MarimerLLC",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization. This vulnerability is fixed in version 6.0.0. To workaround this issue, remove the WcfProxy in data portal configurations."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T03:18:37.698Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/MarimerLLC/csla/security/advisories/GHSA-wq34-7f4g-953v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/MarimerLLC/csla/security/advisories/GHSA-wq34-7f4g-953v"
        },
        {
          "name": "https://github.com/MarimerLLC/csla/issues/4001",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/MarimerLLC/csla/issues/4001"
        },
        {
          "name": "https://github.com/MarimerLLC/csla/pull/4018",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/MarimerLLC/csla/pull/4018"
        }
      ],
      "source": {
        "advisory": "GHSA-wq34-7f4g-953v",
        "discovery": "UNKNOWN"
      },
      "title": "CSLA .NET is vulnerable to Remote Code Execution via WcfProxy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66631",
    "datePublished": "2025-12-09T03:18:37.698Z",
    "dateReserved": "2025-12-05T15:42:44.716Z",
    "dateUpdated": "2025-12-09T15:15:06.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted