Wiz
Vulnerability DatabaseCVE-2023-32571

CVE-2023-32571
C# vulnerability analysis and mitigation

Overview

Dynamic Linq versions 1.0.7.10 through 1.2.25 before 1.3.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code and commands when untrusted input is parsed through methods including Where, Select, and OrderBy. The vulnerability was assigned CVE-2023-32571 and was disclosed in June 2023 (NVD).

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue stems from insufficient validation of dynamic LINQ queries that allows injection of arbitrary code through methods like Where, Select and OrderBy. The vulnerability affects the System.Linq.Dynamic.Core package (GitHub).

Impact

Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code and commands on affected systems. Given the CVSS score of 9.8, this represents a critical security risk with potential for complete system compromise (NVD).

Mitigation and workarounds

Users should upgrade to Dynamic Linq version 1.3.0 or later which contains fixes for this vulnerability. The fix includes changes to restrict method calls on object types and additional security controls around OrderBy/ThenBy operations (GitHub).

Additional resources

SourceThis report was generated using AI

Related C# vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-64095CRITICAL9.8
  • C#C#
  • DNN.PLATFORM
NoYesOct 28, 2025
CVE-2025-61413MEDIUM6.1
  • C#C#
  • Piranha
NoNoOct 23, 2025
CVE-2025-62594MEDIUM5.5
  • C#C#
  • Magick.NET-Q16-HDRI-x64
NoYesOct 27, 2025
CVE-2025-64094MEDIUM5.4
  • C#C#
  • DotNetNuke.Core
NoYesOct 28, 2025
CVE-2025-62802MEDIUM4.3
  • C#C#
  • Dnn.Platform
NoYesOct 28, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo