Recent research reveals vulnerabilities in the .NET Framework, enabling remote code execution through exploitation primitives like SOAPwn. Major affected products include Barracuda Service Center RMM and Ivanti Endpoint Manager, emphasizing the widespread risk of such flaws in enterprise applications.
#SOAPwn #WSDL #PowerShell #NTLMrelaying
Key points
- The vulnerabilities stem from how .NET Framework handles SOAP messages and WSDL imports, allowing code execution.
- Attackers can manipulate HTTP client proxies to perform arbitrary file writes, leading to potential remote code execution.
- Exploits include overwriting files and deploying web shells or malicious scripts via crafted URL inputs.
- The issues were addressed in updates for Barracuda Service Center RMM (2025.1.1) and Ivanti EPM (2024 SU4 SR1).
- Microsoft has stated the vulnerability arises from application behavior, recommending caution with untrusted input.
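
As an added illustration of the "caution with untrusted input" advice (not code from the research, Microsoft, or the affected vendors), the C# sketch below validates a URL before it is handed to a SOAP client proxy or WSDL import. It assumes the risk comes from URLs that are not plain HTTP(S); the class name `SoapEndpointGuard`, the host `soap.example.internal` and the sample inputs are hypothetical.

```csharp
using System;
using System.Collections.Generic;

public static class SoapEndpointGuard
{
    // Hypothetical allowlist: replace with the hosts your application calls.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "soap.example.internal" };

    // Returns true only for absolute http/https URLs on an allowlisted host.
    public static bool TryValidate(string candidate, out Uri endpoint, out string reason)
    {
        endpoint = null;
        Uri uri;
        if (!Uri.TryCreate(candidate, UriKind.Absolute, out uri))
        {
            reason = "not an absolute URI";
            return false;
        }
        // Allowlist the scheme rather than blocklisting: file paths, UNC paths
        // and any other non-HTTP scheme all fail this one check.
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)
        {
            reason = "scheme '" + uri.Scheme + "' is not http or https";
            return false;
        }
        if (!AllowedHosts.Contains(uri.Host))
        {
            reason = "host '" + uri.Host + "' is not allowlisted";
            return false;
        }
        endpoint = uri;
        reason = null;
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples = {
            "https://soap.example.internal/Service.asmx",
            "https://other.example.net/Service.asmx?wsdl",
            "file:///C:/temp/out.txt",
            @"\\fileserver\share\out.txt",
            "Service.asmx"
        };
        foreach (string s in samples)
        {
            Uri endpoint; string reason;
            bool ok = TryValidate(s, out endpoint, out reason);
            Console.WriteLine("{0,-50} {1}", s, ok ? "accepted" : "rejected: " + reason);
        }
    }
}
```

Run the check at the point where user- or tenant-supplied configuration enters the application, and pass only the returned `Uri` onward so that later code never sees the raw string.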
Read More: https://thehackernews.com/2025/12/net-soapwn-flaw-opens-door-for-file.html