CVE-2025-6445 – ServiceStack's FindType method contains a direc... (How to Fix)

Q: What is the severity of CVE-2025-6445?

CVE-2025-6445 has a CVSS score of 8.1 (HIGH). ServiceStack's FindType method contains a directory traversal vulnerability that allows remote attackers to execute arbitrary code by manipulating file paths. This affects applications using vulnerable ServiceStack versions that expose the FindType functionality. Attackers can achieve remote code execution in the context of the application process.

📋 TL;DR

ServiceStack's FindType method contains a directory traversal vulnerability that allows remote attackers to execute arbitrary code by manipulating file paths. This affects applications using vulnerable ServiceStack versions that expose the FindType functionality. Attackers can achieve remote code execution in the context of the application process.

💻 Affected Systems

Products:

ServiceStack

Versions: Versions prior to 8.0.6

Operating Systems: All platforms running ServiceStack

Default Config Vulnerable: ⚠️ Yes

Notes: Any application using ServiceStack's FindType method with user-controlled input is vulnerable.

📦 What is this software?

Servicestack by Servicestack

View all CVEs affecting Servicestack →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via remote code execution with application privileges, potentially leading to data theft, lateral movement, or ransomware deployment.

🟠

Likely Case

Remote code execution allowing attackers to steal sensitive data, deploy malware, or pivot to other systems within the network.

🟢

If Mitigated

Limited impact due to proper input validation, network segmentation, and least privilege controls preventing successful exploitation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires interaction with the vulnerable library but attack vectors vary by implementation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.6

Vendor Advisory: https://docs.servicestack.net/releases/v8_06#reported-vulnerabilities

Restart Required: Yes

Instructions:

1. Update ServiceStack to version 8.0.6 or later. 2. Restart the application. 3. Verify the update was successful.

🔧 Temporary Workarounds

Input Validation

all

Implement strict input validation for all user-supplied paths used with FindType method.

Network Segmentation

all

Restrict network access to vulnerable applications using firewalls or network policies.

🧯 If You Can't Patch

Implement strict input validation and sanitization for all user-controlled path parameters
Apply network segmentation and restrict access to vulnerable endpoints

🔍 How to Verify

Check if Vulnerable:

Check ServiceStack version in application dependencies or configuration files.

Check Version:

Check package manager (nuget, npm, etc.) or application configuration for ServiceStack version

Verify Fix Applied:

Verify ServiceStack version is 8.0.6 or later and test path traversal attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual file path patterns in requests
Failed file access attempts outside expected directories
Suspicious process execution

Network Indicators:

HTTP requests with directory traversal sequences (../, ..\) to ServiceStack endpoints

SIEM Query:

source="web_logs" AND (uri="*../*" OR uri="*..\*") AND user_agent="*ServiceStack*"

📊 Metadata

CVE ID: CVE-2025-6445

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

EPSS Score: 0.45% exploit probability (63th percentile)

Published: June 25, 2025

Last Updated: August 8, 2025

🔗 References

https://docs.servicestack.net/releases/v8_06#reported-vulnerabilities Release Notes
https://www.zerodayinitiative.com/advisories/ZDI-25-416/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-6445, you might also want to check these: