CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the FindType method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25837.
Analysis
CVE-2025-6445 is a critical directory traversal vulnerability in ServiceStack's FindType method that allows remote attackers to execute arbitrary code without authentication. The vulnerability stems from insufficient path validation in file operations, enabling attackers to traverse the filesystem and execute malicious code in the context of the affected application process. With a CVSS score of 8.1 and network-based attack vector, this vulnerability poses significant risk to ServiceStack deployments, though exploitation requires application-level interaction with the vulnerable FindType method.
Technical Context
ServiceStack is a popular open-source .NET web services framework that provides rapid development capabilities for REST and SOAP services. The vulnerability resides in the FindType method implementation, which fails to properly validate user-supplied path parameters before using them in file system operations. This is a classic CWE-22 (Path Traversal) vulnerability where an attacker can use path traversal sequences (e.g., '../', '..\') to access files outside the intended directory scope. Once arbitrary files are accessible through path traversal, the attacker can potentially load and execute malicious code through ServiceStack's reflection and type-loading mechanisms. The vulnerability affects ServiceStack versions across multiple platforms where the FindType method is exposed to user input, typically through HTTP request parameters or service method arguments.
Affected Products
ServiceStack (all affected versions prior to the patched release). Specific version numbers are not provided in the advisory data but typically include the ServiceStack v5.x and v6.x series. Affected scenarios include ServiceStack applications that expose the FindType method through REST endpoints, service clients, or configuration mechanisms that accept user-supplied path parameters. The vulnerability affects ServiceStack across Windows, Linux, and macOS deployments where the .NET runtime processes the vulnerable code path. Without explicit CPE strings in the provided data, the affected scope includes pkg:nuget/ServiceStack and related packages (ServiceStack.Common, ServiceStack.Client, etc.) across version ranges prior to the patched release. The vendor should be consulted for a definitive version matrix.
Remediation
1. IMMEDIATE: Update ServiceStack to the latest patched version released by the vendor (version specifics should be verified in the official ServiceStack security advisory; typically a point release addressing CVE-2025-6445).
2. VALIDATION WORKAROUND (pre-patch): Implement strict input validation on any user-supplied path parameters passed to FindType or related methods: whitelist acceptable paths, reject traversal sequences ('../', '..\', and encoded variants), and use Path.GetFullPath() with directory containment checks.
3. NETWORK SEGMENTATION: Restrict network access to ServiceStack endpoints to trusted sources if immediate patching is delayed.
4. DISABLE EXPOSED METHODS: If FindType functionality is not required by the application, disable or restrict access to it through application configuration or IIS/reverse proxy rules.
5. MONITORING: Implement logging and alerting for requests containing path traversal sequences to the affected endpoints.
Consult official ServiceStack security advisories (likely at github.com/ServiceStack/ServiceStack) and nuget.org for patched package versions.
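The containment check from item 2 and the traversal-sequence monitoring from item 5, as an added C# example that is not ServiceStack's code. The PathContainment and RequestLogMonitor classes, the plugin root directory, the log line format and the /api/lookup endpoint are assumptions constructed for illustration; the FindType signature is not given on this page, so the helper is written as a guard to call before any file or type-loading operation rather than as a patch to FindType itself. It uses the real Path.GetFullPath and Uri.UnescapeDataString APIs and assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical helper, not part of ServiceStack: guards user-supplied path
// parameters before they reach any file or type-loading call.
public static class PathContainment
{
    // Matches a ".." segment bounded by a separator or the string edge (after
    // separators are normalised to '/'), so "..foo" passes but "../foo" does not.
    private static readonly Regex TraversalSegment =
        new Regex(@"(^|/)\.\.(/|$)", RegexOptions.Compiled);

    // Percent-decodes repeatedly so double-encoded variants such as
    // %252e%252e%252f reduce to "../" before inspection. Bounded on purpose.
    public static string FullyDecode(string value)
    {
        string current = value;
        for (int round = 0; round < 5; round++)
        {
            string next = Uri.UnescapeDataString(current);
            if (next == current) break;
            current = next;
        }
        return current;
    }

    // True when the decoded value carries a traversal segment or a NUL byte.
    public static bool ContainsTraversal(string value)
    {
        string decoded = FullyDecode(value).Replace('\\', '/');
        return decoded.Contains('\0') || TraversalSegment.IsMatch(decoded);
    }

    // Resolves userPath beneath allowedRoot and returns the canonical path only
    // if it stays inside that root; returns null (reject) otherwise.
    public static string ResolveInsideRoot(string allowedRoot, string userPath)
    {
        if (string.IsNullOrWhiteSpace(userPath) || ContainsTraversal(userPath))
            return null;

        string decoded = FullyDecode(userPath);
        if (Path.IsPathRooted(decoded))
            return null; // absolute paths are never accepted from callers

        // Canonical root with exactly one trailing separator, so a sibling
        // directory such as "plugins-evil" cannot pass a prefix check on "plugins".
        string root = Path.GetFullPath(allowedRoot)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;

        string candidate = Path.GetFullPath(Path.Combine(root, decoded));

        StringComparison cmp = OperatingSystem.IsWindows()
            ? StringComparison.OrdinalIgnoreCase
            : StringComparison.Ordinal;

        return candidate.StartsWith(root, cmp) ? candidate : null;
    }
}

// Hypothetical log scanner for the monitoring item: flags request lines whose
// query string carries a traversal sequence, including encoded variants.
public static class RequestLogMonitor
{
    public static IEnumerable<string> FlagTraversalAttempts(IEnumerable<string> logLines)
    {
        return logLines.Where(PathContainment.ContainsTraversal);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed inputs for illustration; none are taken from a real request.
        string root = Path.Combine(Path.GetTempPath(), "app-plugins");
        string[] inputs =
        {
            "Plugins/Reporting.dll",        // accepted
            "../../etc/passwd",             // plain traversal
            "..%2f..%2fsecrets.config",     // URL-encoded separators
            "%252e%252e/web.config",        // double-encoded dots
            "/etc/passwd",                  // absolute path
            "Plugins\\..\\..\\web.config",  // backslash variant
        };
        foreach (string input in inputs)
        {
            string resolved = PathContainment.ResolveInsideRoot(root, input);
            Console.WriteLine($"{input,-32} -> {resolved ?? "REJECTED"}");
        }

        // Constructed access-log lines; endpoint and parameter name are placeholders.
        string[] logLines =
        {
            "GET /api/lookup?path=Plugins/Reporting.dll 200",
            "GET /api/lookup?path=..%2f..%2fweb.config 404",
            "GET /api/lookup?path=%252e%252e%252fappsettings.json 404",
        };
        foreach (string hit in RequestLogMonitor.FlagTraversalAttempts(logLines))
            Console.WriteLine("ALERT traversal attempt: " + hit);
    }
}
```

Only the first input resolves; the other five are rejected, and the second and third log lines are flagged. The check is layered deliberately: the decoded-segment regex rejects obvious traversal early, but the final decision rests on the canonical-path prefix test, which also covers cases the regex does not anticipate (such as normalisation performed by the runtime itself).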
EUVD-2025-19131