Directory Traversal Vulnerability in ServiceStack
CVE-2025-6445

8.1HIGH

Key Information:

Vendor: Servicestack
Status: Servicestack
Vendor: CVE Published:; 25 June 2025

🔔 Create Servicestack Vulnerability Alert

What is CVE-2025-6445?

A vulnerability in ServiceStack's FindType method allows remote attackers to perform directory traversal, enabling unauthorized code execution. The flaw arises from insufficient validation of user-supplied paths during file operations. Attackers can exploit this weakness to execute arbitrary code with the permissions of the affected application, potentially leading to severe consequences for data integrity and system security.

Affected Version(s)

ServiceStack 8.4.0

References

https://www.zerodayinitiative.com/advisories/ZDI-25-416/

x_research-advisory

https://docs.servicestack.net/releases/v8_06#reported-vul...

vendor-advisory

CVSS V3.0

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2025
Vulnerability Reserved
Jun 20, 2025