CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

SOAPwn Vulnerability in .NET Framework Enables Remote Code Execution

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A critical vulnerability, codenamed SOAPwn, in the .NET Framework allows attackers to achieve remote code execution by manipulating Web Services Description Language (WSDL) imports and HTTP client proxies. The flaw impacts multiple enterprise applications, including Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. Exploiting SOAPwn can lead to arbitrary file writes and NTLM relay attacks. Microsoft has declined to patch the issue, attributing it to application behavior. The vulnerability was disclosed at the Black Hat Europe security conference by WatchTowr Labs researcher Piotr Bazydlo. Affected vendors have released patches to address the flaw.

Timeline

  1. 10.12.2025 21:21 1 articles · 4h ago

    SOAPwn Vulnerability Disclosed at Black Hat Europe

    Researcher Piotr Bazydlo from WatchTowr Labs presented findings on the SOAPwn vulnerability at the Black Hat Europe security conference. The flaw allows attackers to exploit WSDL imports and HTTP client proxies to achieve remote code execution in .NET-based applications. Affected vendors have released patches, but Microsoft has declined to address the issue.

    Show sources
    Open in new tab

Information Snippets