CNNVD-202506-3213 Information

CNNVD ID

CNNVD-202506-3213

CVE-2025-6444

  • CNNVD Published: 2025-06-25

Description (Chinese)

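ServiceStack is an API from the ServiceStack company for building high-performance web services. ServiceStack has an input validation error vulnerability. The vulnerability stems from the GetErrorResponse method not correctly validating user input, and may lead to NTLM credential relay attacks.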

Description (English)

ServiceStack is an API from ServiceStack for building high-performance web services. ServiceStack contains an input validation error vulnerability that originates from the GetErrorResponse method's improper validation of user input, which could lead to an NTLM credential relay attack.

Hazard Level

High

Vulnerability Type

Input validation error

Affected Vendor

ServiceStack

Published

2025-06-25

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-415/

https://nvd.nist.gov/vuln/detail/CVE-2025-6444

Patch

https://docs.servicestack.net/releases/v8_06#zdi-can-25837
