CISA orders federal agencies to patch Sitecore zero-day following hacking reports - DataBreaches.Net
Briefly

"Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug. Sitecore published a bulletin on Wednesday about CVE-2025-53690, which affects several of the company's products. A key issue with the bug is the use of a sample machine key that was included in Sitecore deployment guides from 2017 and earlier. Many customers simply used the sample machine key and never rotated it to something new."
"... Mandiant said it recently stopped an attack where hackers leveraged the exposed sample machine key to gain access."
Federal civilian agencies have until September 25 to patch CVE-2025-53690 in Sitecore. Sitecore's security bulletin says the flaw affects several of its products. The root cause is a sample ASP.NET machine key that Sitecore's deployment guides from 2017 and earlier printed verbatim; many customers deployed with that sample key and never rotated it. The machine key is the secret ASP.NET uses to sign and encrypt ViewState, so anyone who has read the old guide holds a key the server trusts, and attackers used the exposed sample key to gain access. Mandiant said it recently disrupted an intrusion that leveraged the key. Organizations running affected Sitecore instances should replace the sample machine key with a unique, randomly generated one and apply the vendor patch; rotating the key removes the known-key condition but is not a substitute for the patch.
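As an added illustration (not Sitecore's or DataBreaches.Net's code), the following Python script audits an ASP.NET web.config for the hard-coded `<machineKey>` element described above and rotates it to fresh random keys. The sample web.config, the placeholder key values and the `KNOWN_SAMPLE_KEYS` set are constructed for the example; a real audit would load the key values from the vendor's own pre-2018 deployment guides into that set.

```python
"""Audit an ASP.NET web.config for a documented sample <machineKey> and rotate it.

Added example. Nothing here is Sitecore's code; the key values below are
placeholders standing in for the key printed in the old deployment guides.
"""
import secrets
import xml.etree.ElementTree as ET

# Placeholders for the publicly documented sample key (constructed, not the real value).
PLACEHOLDER_VALIDATION_KEY = "0123456789ABCDEF" * 8   # 128 hex chars = 64 bytes
PLACEHOLDER_DECRYPTION_KEY = "0123456789ABCDEF" * 4   # 64 hex chars = 32 bytes
KNOWN_SAMPLE_KEYS = {PLACEHOLDER_VALIDATION_KEY, PLACEHOLDER_DECRYPTION_KEY}

# Constructed sample: the shape of a deployment whose operator copied the guide's key verbatim.
SAMPLE_WEB_CONFIG = f"""<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="{PLACEHOLDER_VALIDATION_KEY}"
                decryptionKey="{PLACEHOLDER_DECRYPTION_KEY}"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""

# Legacy algorithms ASP.NET still accepts but which should not be used for new keys.
WEAK_VALIDATION = {"MD5", "SHA1", "3DES"}
WEAK_DECRYPTION = {"DES", "3DES"}


def find_machine_key(xml_text):
    """Return the <system.web>/<machineKey> attributes as a dict, or None if absent."""
    root = ET.fromstring(xml_text)
    node = root.find("./system.web/machineKey")
    return None if node is None else dict(node.attrib)


def audit(xml_text):
    """Return a list of findings for the config; an empty list means nothing was flagged."""
    mk = find_machine_key(xml_text)
    findings = []
    if mk is None:
        # ASP.NET then auto-generates a per-server key: safe from the sample-key
        # problem, but invisible to review and broken across a multi-server farm.
        findings.append("no explicit machineKey: per-server auto-generated key in use")
        return findings
    for attr in ("validationKey", "decryptionKey"):
        if mk.get(attr, "").upper() in KNOWN_SAMPLE_KEYS:
            findings.append(f"{attr} matches a publicly documented sample key")
    if mk.get("validation", "HMACSHA256").upper() in WEAK_VALIDATION:
        findings.append("validation algorithm is a legacy one: " + mk["validation"])
    if mk.get("decryption", "Auto").upper() in WEAK_DECRYPTION:
        findings.append("decryption algorithm is a legacy one: " + mk["decryption"])
    return findings


def generate_machine_key():
    """Fresh keys from the OS CSPRNG: 64 bytes for HMACSHA256, 32 bytes for AES-256."""
    return {
        "validationKey": secrets.token_hex(64).upper(),
        "decryptionKey": secrets.token_hex(32).upper(),
        "validation": "HMACSHA256",
        "decryption": "AES",
    }


def rotate_machine_key(xml_text):
    """Return (new_xml_text, new_key_attrs) with the machineKey replaced, or inserted if missing."""
    root = ET.fromstring(xml_text)
    system_web = root.find("system.web")
    if system_web is None:
        system_web = ET.SubElement(root, "system.web")
    node = system_web.find("machineKey")
    if node is None:
        node = ET.SubElement(system_web, "machineKey")
    new_attrs = generate_machine_key()
    node.attrib.clear()
    node.attrib.update(new_attrs)
    return ET.tostring(root, encoding="unicode"), new_attrs


if __name__ == "__main__":
    for finding in audit(SAMPLE_WEB_CONFIG):
        print("FINDING:", finding)
    rotated_xml, _ = rotate_machine_key(SAMPLE_WEB_CONFIG)
    print("after rotation:", audit(rotated_xml) or "clean")
```

Two operational caveats when applying this for real: rotating the key invalidates every outstanding ViewState and forms-authentication ticket, and in a load-balanced deployment the same new key must be written to every node, since nodes with different keys reject each other's ViewState.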
Read at DataBreaches.Net