CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

June 25, 2025

CVE ID : CVE-2025-6444

Published : June 25, 2025, 6:15 p.m. | 24 minutes ago

Description : ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the implementation of the GetErrorResponse method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to relay NTLM credentials in the context of the current user. Was ZDI-CAN-25834.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6618 – TOTOLINK CA300-PoE OS Command Injection Vulnerability

Next Article CVE-2025-5834 – Pioneer DMH-WT7600NEX Hardware Root of Trust Bypass Privilege Escalation Vulnerability

Highlights

CVE-2025-3868 – WordPress Custom Admin-Bar Favorites Reflected Cross-Site Scripting

April 25, 2025

CVE ID : CVE-2025-3868

Published : April 25, 2025, 7:15 a.m. | 14 minutes ago

Description : The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘menuObject’ parameter in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

OpenAI’s Sam Altman breaks silence on Microsoft feud with Satya Nadella — citing “points of tension” amid evolution plans

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Salesforce Marketing Cloud Engagement vs. Oracle Eloqua

Exploring Lucidworks Fusion and Coveo Using Apache Solr

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability

Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

cybercog/laravel-clickhouse

CVE-2025-5491: Acer Control Center Bug Allows Remote Code Execution as NT AUTHORITYSYSTEM

Beginner’s Guide to Cloud Data Analytics

CVE-2025-32643 – Mojoomla WPGYM SQL Injection

CVE-2025-3868 – WordPress Custom Admin-Bar Favorites Reflected Cross-Site Scripting

CVE-2025-3957 – Opplus Springboot-Admin SQL Injection Vulnerability

CSS FILTERS Explained

CVE-2025-6416 – PHPGurukul Art Gallery Management System SQL Injection Vulnerability

CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

Related Posts