Remote Code Execution Vulnerability in CSLA .NET Framework by Marimer LLC
CVE-2025-66631

7.2 HIGH

Key Information:

Vendor

Marimerllc

Status
Vendor
CVE Published: 9 December 2025

What is CVE-2025-66631?

The CSLA .NET framework, used for building reusable business layers, has a vulnerability affecting versions up to 5.5.4. The issue arises from WcfProxy, which uses the outdated NetDataContractSerializer (NDCS). Attackers can exploit it to achieve remote code execution through deserialization, potentially compromising the application's integrity and security. To mitigate the risk, upgrade to version 6.0.0 or remove WcfProxy from data portal configurations. For more information, consult the official advisory links.

Affected Version(s)

csla < 6.0.0
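
An added example, not part of the advisory or of CSLA's own code: a small audit that flags the two conditions named above, a csla package reference below 6.0.0 and any mention of WcfProxy in project or configuration files. It assumes the package id is "csla" as written in the affected-versions line, that the version is given as an attribute on the same line, and that the listed file extensions are the ones worth scanning; the sample tree is constructed.

```python
import os
import re
import sys

FIXED = (6, 0, 0)  # page: affected is csla < 6.0.0
EXTS = (".csproj", ".config", ".json", ".cs", ".vb")  # assumed set of files to scan
# <PackageReference Include="Csla" Version="x.y.z"> or <package id="Csla" version="x.y.z">
PKG_RE = re.compile(
    r'<(?:PackageReference\s+Include|package\s+id)="csla"\s+version="([^"]+)"', re.I)
PROXY_RE = re.compile(r"\bWcfProxy\b")

def is_affected(version):
    """True when version sorts below 6.0.0; a 6.0.0 pre-release counts as below (SemVer order)."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    parsed = tuple(nums + [0] * (3 - len(nums)))
    return parsed < FIXED or (parsed == FIXED and "-" in version)

def audit(files):
    """files maps path -> text; returns sorted (path, line number, finding) tuples."""
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            m = PKG_RE.search(line)
            if m and is_affected(m.group(1)):
                findings.append((path, no, "csla %s is below 6.0.0" % m.group(1)))
            if PROXY_RE.search(line):
                findings.append((path, no, "WcfProxy referenced"))
    return sorted(findings)

# Constructed sample tree (not from a real project); the appSettings key name is illustrative.
SAMPLE = {
    "App/App.csproj": '<Project>\n  <ItemGroup>\n'
                      '    <PackageReference Include="Csla" Version="5.5.4" />\n'
                      '  </ItemGroup>\n</Project>\n',
    "App/App.config": '<configuration>\n  <appSettings>\n'
                      '    <add key="CslaDataPortalProxy" value="Csla.DataPortalClient.WcfProxy, Csla" />\n'
                      '  </appSettings>\n</configuration>\n',
    "Fixed/Fixed.csproj": '<PackageReference Include="Csla" Version="6.0.0" />\n',
}

if __name__ == "__main__":
    files = dict(SAMPLE)
    if len(sys.argv) > 1:  # scan a real checkout instead of the sample
        files = {}
        for root, _, names in os.walk(sys.argv[1]):
            for name in names:
                if name.lower().endswith(EXTS):
                    p = os.path.join(root, name)
                    files[p] = open(p, encoding="utf-8", errors="replace").read()
    for finding in audit(files):
        print("%s:%d: %s" % finding)
```

A clean result only means neither pattern was found in the scanned files; versions set through a child element or a central package file are outside what this sketch parses.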

References

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
