#sitecore

#cve-2025-53690
from The Hacker News
5 hours ago
Information security

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

FCEB agencies must update Sitecore by September 25, 2025 to mitigate CVE-2025-53690, a critical deserialization vulnerability enabling remote code execution via exposed ASP.NET machine keys.
from Theregister
23 hours ago
Information security

Unknown miscreants snooping around Sitecore via sample keys

Sitecore instances using default/sample ASP.NET machine keys are vulnerable to ViewState deserialization (CVE-2025-53690), enabling remote code execution and malware deployment.
from The Hacker News
1 week ago

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

- CVE-2025-53693 - HTML cache poisoning through unsafe reflections
- CVE-2025-53691 - Remote code execution (RCE) through insecure deserialization
- CVE-2025-53694 - Information disclosure in the ItemService API with a restricted anonymous user, leading to exposure of cache keys using a brute-force approach

Patches for the first two shortcomings were released by Sitecore in June and for the third in July 2025, with the company stating that "successful exploitation of the related vulnerabilities might lead to remote code execution and non-authorized access to information."
Information security
Privacy technologies
from Theregister
2 months ago

Sitecore fixes pre-auth RCE exploits in enterprise CMS

A pre-authentication exploit chain in Sitecore CMS could lead to full system takeover, affecting major companies.
Researchers found hardcoded passwords and other vulnerabilities in Sitecore CMS, posing serious security risks.