CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

June 25, 2025

CVE ID : CVE-2025-6444

Published : June 25, 2025, 6:15 p.m. | 24 minutes ago

Description : ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the implementation of the GetErrorResponse method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to relay NTLM credentials in the context of the current user. Was ZDI-CAN-25834.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6618 – TOTOLINK CA300-PoE OS Command Injection Vulnerability

Next Article CVE-2025-5834 – Pioneer DMH-WT7600NEX Hardware Root of Trust Bypass Privilege Escalation Vulnerability

Highlights

CVE-2025-24331 – Nokia Single RAN Root Privilege Escalation Vulnerability

July 2, 2025

CVE ID : CVE-2025-24331

Published : July 2, 2025, 9:15 a.m. | 27 minutes ago

Description : The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.

Beginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

These tech markets are taking the brunt of the new US tariffs – what that means for you

Motorola Solutions to outfit first responders with new AI-enabled body cameras

A Comprehensive Guide to LLM Routing: Tools and Frameworks

I compared two of the best Roborock models on the market – and it came down to the wire

CVE-2025-24331 – Nokia Single RAN Root Privilege Escalation Vulnerability

Xbox has turned a corner — the future for Microsoft’s gaming platform once again looks incredibly bright

Bitwig Studio 6 Beta Brings Major Workflow Improvements

Massive NPM Supply Chain Attack Earned Only $600 for Attackers

CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

Related Posts