CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

June 25, 2025

CVE ID : CVE-2025-6444

Published : June 25, 2025, 6:15 p.m. | 24 minutes ago

Description : ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the implementation of the GetErrorResponse method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to relay NTLM credentials in the context of the current user. Was ZDI-CAN-25834.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6618 – TOTOLINK CA300-PoE OS Command Injection Vulnerability

Next Article CVE-2025-5834 – Pioneer DMH-WT7600NEX Hardware Root of Trust Bypass Privilege Escalation Vulnerability

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

LWiAI Podcast #212 – o3 pro, Cursor 1.0, ProRL, Midjourney Sued

CVE-2025-6994 – Smartdatasoft WordPress Reveal Listing Plugin Privilege Escalation

CVE-2025-4329 – 74CMS Path Traversal Vulnerability

Best early Labor Day laptop deals 2025: Sales on Apple, Dell, Lenovo, and more

CVE-2025-49735 – “Microsoft Windows KPSSVC Use-After-Free Code Execution Vulnerability”

I changed 12 settings on my Apple TV to instantly improve the performance

After a year of waiting, Microsoft’s Meta Quest 3S “Xbox Edition” is here — our hands-on review of this (very) limited edition partnership

Redpanda Announces the General Availability of Apache Iceberg Topics for the Enterprise

CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

Related Posts