CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

EUVD-2025-201825

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

Sitecore Experience Platform (XP) PreAuth Deserialization RCE

This module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in...

Sitecore Experience Platform (XP) Remote Code Execution Exploit

This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in...

Sitecore Experience Platform (XP) Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sitecore Experience Platform XP PreAuth Deserialization RCE', 'Description' = %q This module exploits a deserialization vulnerability in the...