#sitecore

#cve-2025-53690
from DataBreaches.Net
3 days ago
Information security

CISA orders federal agencies to patch Sitecore zero-day following hacking reports - DataBreaches.Net

from The Hacker News
1 week ago

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

CVE-2025-53693 - HTML cache poisoning through unsafe reflections
CVE-2025-53691 - Remote code execution (RCE) through insecure deserialization
CVE-2025-53694 - Information Disclosure in ItemService API with a restricted anonymous user, leading to exposure of cache keys using a brute-force approach

Patches for the first two shortcomings were released by Sitecore in June and for the third in July 2025, with the company stating that "successful exploitation of the related vulnerabilities might lead to remote code execution and non-authorized access to information."
Information security
Privacy technologies
from The Register
2 months ago

Sitecore fixes pre-auth RCE exploits in enterprise CMS

A pre-authentication exploit chain in Sitecore CMS could lead to full system takeover, affecting major companies.
Researchers found hardcoded passwords and other vulnerabilities in Sitecore CMS, posing serious security risks.