A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud. Deployed instances are affected by this vulnerability if they have been deployed by using a sample machine key that has been … More
The post Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) appeared first on Help Net Security.
This article has been indexed from Help Net Security
Read the original article: