Browse all 3 CVE security advisories affecting ServiceStack. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ServiceStack is a .NET framework for building web services and APIs, commonly used for rapid development of RESTful endpoints. Historically, it has been susceptible to remote code execution vulnerabilities, particularly through unsafe deserialization and input validation flaws, as well as cross-site scripting issues in its components. While no major public security incidents have been widely reported, the three CVEs on record highlight potential risks in default configurations and improper access controls. Developers should ensure proper input sanitization, implement secure deserialization practices, and apply timely updates to mitigate these vulnerabilities, especially when exposing services to untrusted networks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-6445 | ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability — ServiceStackCWE-22 | 9.8AI | CriticalAI | 2025-06-25 |
| CVE-2025-6444 | ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability — ServiceStackCWE-20 | 7.5AI | HighAI | 2025-06-25 |
| CVE-2019-1010199 | ServiceStack Framework 跨站脚本漏洞 — ServiceStack Framework | 6.1 | - | 2019-07-23 |
This page lists every published CVE security advisory associated with ServiceStack. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.