CVE-2025-6445
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-25

Last updated on: 2025-08-08

Assigner: Zero Day Initiative

Description
ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the FindType method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25837.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-25
Last Modified
2025-08-08
Generated
2026-05-07
AI Q&A
2025-06-25
EPSS Evaluated
2026-05-05
NVD
CVE-2025-6445
EUVD
EUVD-2025-19131
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
servicestack servicestack to 8.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6445 is a remote code execution vulnerability in the ServiceStack library, specifically in the FindType method. The vulnerability occurs because the method does not properly validate user-supplied paths before using them in file operations. This flaw allows remote attackers to execute arbitrary code on affected systems with the privileges of the current process. Exploitation requires interaction with the ServiceStack library, but the exact attack vectors can vary depending on how the library is implemented. [1]


How can this vulnerability impact me? :

This vulnerability can have a severe impact as it allows remote attackers to execute arbitrary code on your system without needing any privileges or user interaction. Successful exploitation can compromise the confidentiality, integrity, and availability of your system, potentially leading to unauthorized access, data theft, system manipulation, or denial of service. [1]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should update ServiceStack to the latest version that includes the fix for CVE-2025-6445. Applying the official patch or update released by ServiceStack will address the improper validation issue in the FindType method and prevent remote code execution. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart