CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

June 25, 2025

CVE ID : CVE-2025-6444

Published : June 25, 2025, 6:15 p.m. | 24 minutes ago

Description : ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the implementation of the GetErrorResponse method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to relay NTLM credentials in the context of the current user. Was ZDI-CAN-25834.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6618 – TOTOLINK CA300-PoE OS Command Injection Vulnerability

Next Article CVE-2025-5834 – Pioneer DMH-WT7600NEX Hardware Root of Trust Bypass Privilege Escalation Vulnerability

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

My top 6 browsers after trying nearly every one (spoiler: none are Chrome)

CVE-2025-5502 – TOTOLINK X15 Command Injection Vulnerability

Best Media Creation Tool alternatives to create a Windows 11 bootable USB

CVE-2025-3580 – Grafana Server Administrator Account Deletion Vulnerability

CVE-2025-47665 – Bistromatic N360 Splash Screen Stored Cross-site Scripting Vulnerability

ClassroomParent

T-Mobile launches high-speed home internet service – see if you can get it

Microsoft Edge wants to open websites based on your browsing history at Startup—Here’s how to disable It

CVE-2025-6444 – ServiceStack NTLM Relay Vulnerability

Related Posts