iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution

17/06/2026

A .NET deserialization vulnerability exists in iba ibaPDA and ibaDatCoordinator. An unauthenticated remote attacker can exploit it to achieve remote code execution.

The ibaPDA Server service (ibaPDAService.exe) listens on TCP port 9170 by default. Clients communicate with the server using GenuineChannels, which uses .NET Remoting. Messages sent to the server are deserialized using BinaryFormatter. GenuineChannels uses Zyan.SafeDeserializationHelpers.dll to filter BinaryFormatter payloads, but the filter only blocks a small set of gadgets (e.g., PSObject, TypeConfuseDelegate) and fails to block many other publicly known BinaryFormatter gadgets. ibaDatCoordinator uses the same vulnerable communication stack.

Ben Smith Wed, 06/17/2026 – 12:09
– Read more

Monday	08:00 - 17:00
Tuesday	08:00 - 17:00
Wednesday	08:00 - 17:00
Thursday	08:00 - 17:00
Friday	08:00 - 17:00

iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution

Latest article

CyberSentinel AI with 33 Security Tools, Including Nmap, SQLMap, ZAP, and uses Claude, GPT

CVE-2025-5791 Users: `root` appended to group listings

JCPenney – 368,418 breached accounts

Threat actor adds advanced ‘EDR killer’ tools to ransomware-as-a-service platform

EDITOR PICKS

CyberSentinel AI with 33 Security Tools, Including Nmap, SQLMap, ZAP, and...

CVE-2025-5791 Users: `root` appended to group listings

JCPenney – 368,418 breached accounts

POPULAR POSTS

Threats to users of adult websites in 2018

The World’s Most Popular Coding Language Happens to be Most Hackers’...

IT threat evolution Q2 2019

POPULAR CATEGORY

CyberSentinel AI with 33 Security Tools, Including Nmap, SQLMap, ZAP, and...

CVE-2025-5791 Users: `root` appended to group listings

JCPenney – 368,418 breached accounts