Hackers exploited Sitecore zero-day flaw to deploy backdoors
Sitecore advises immediate rotation of static machine keys after discovery of CVE-2025-53690, a vulnerability exploited via publicly documented sample keys enabling remote code execution.
8 Articles
Sitecore zero-day vulnerability springs up from exposed machine key
An attacker exploited a zero-day vulnerability in Sitecore stemming from a misconfiguration of public ASP.NET machine keys that customers implemented based on the vendor’s documentation, according to researchers. The critical zero-day defect — CVE-2025-53690 — was exploited by the attacker using exposed keys to achieve remote code execution, Mandiant Threat Defense said in a report Wednesday. The sample machine keys were included in Sitecore’s d…


Researchers warn of zero-day vulnerability in SiteCore products
Mandiant said it was able to disarm a ViewState deserialization attack leveraging exposed ASP.NET keys.
Sitecore zero-day configuration flaw under active exploitation
A sample ASP.NET machine key in old deployment guides for Sitecore products is being exploited by attackers to launch ViewState code injection attacks that compromise servers. According to Google’s Mandiant Threat Defense team, after initial exploitation, the attackers deploy tools to escalate privileges, add new users (including admins), establish remote access tunnels, and dump credentials that enable them to perform lateral movement to other …
Hackers Exploited Sitecore Zero-day Flaw To Deploy Backdoors - Cybernoz - Cybersecurity News
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2017 Sitecore guides. Some customers reused this key in production, allowing attackers with knowledge of the key to craft valid, but malicious ‘_VIEWSTATE’ payloads t…
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) - Help Net Security
A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed.
About CVE-2025-53690
CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud. Deployed instance…
Coverage Details
Bias Distribution
- 100% of the sources are Center