#viewstate-deserialization

#sitecore
from The Hacker News
9 hours ago
Information security

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

FCEB agencies must update Sitecore by September 25, 2025 to mitigate CVE-2025-53690, a critical deserialization vulnerability enabling remote code execution via exposed ASP.NET machine keys.
from The Register
1 day ago
Information security

Unknown miscreants snooping around Sitecore via sample keys

Sitecore instances using default/sample ASP.NET machine keys are vulnerable to ViewState deserialization (CVE-2025-53690), enabling remote code execution and malware deployment.