CNNVD-202506-3214 Information

CNNVD ID

CNNVD-202506-3214

Related CVE

CVE-2025-6445

• CNNVD Published: 2025-06-25

Description (Chinese)

ServiceStack是ServiceStack公司的一个用于构建高性能Web服务的API。 ServiceStack存在路径遍历漏洞，该漏洞源于FindType方法未正确验证用户提供的路径，可能导致远程代码执行。

Description (English)

ServiceStack is an API for the construction of high-performance Web services by ServiceStack. ServiceStack has a loophole in its path, which stems from the fact that the FindType method does not correctly verify the path provided by the user and may result in remote code execution.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

ServiceStack

Published

2025-06-25

Last Modified

2026-02-24

References

https://docs.servicestack.net/releases/v8_06#reported-vulnerabilities https://www.zerodayinitiative.com/advisories/ZDI-25-416/ https://nvd.nist.gov/vuln/detail/CVE-2025-6445

Patch

https://github.com/ServiceStack/ServiceStack/releases