- Sitecore patched a critical zero-day deserialization flaw affecting older deployments
- Threat actors exploited the vulnerability to deploy the WEEPSTEEL malware
- Mandiant stepped in mid-attack and prevented the full damage
The popular CMS platform Sitecore has patched a critical zero-day vulnerability that was being abused in cyberattacks.
Mandiant security researchers observed threat actors who exploited a zero-day flaw to deploy malware as well as other legitimate software.
The flaw stems from the use of sample ASP.NET machine keys published in old deployment guides (before 2017) and is now tracked as CVE-2025-53690. It received a severity score of 9.0/10 (critical).
WEEPSTEEL and other evils
The zero-day is described as a critical deserialization vulnerability that affects Sitecore Experience Manager (XM), Sitecore Experience Platform (XP), Experience Commerce (XC) and Managed Cloud versions up to 9.0 when deployed using the sample ASP.NET machine key included in pre-2017 documentation.
XM Cloud, Content Hub, CDP, Personalize, OrderCloud, Storefront, Send, Discover, Search and Commerce Server are apparently not affected.
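Because the root cause is a machine key copied from public documentation, the first defensive check is an audit of each deployment's web.config. The following is an added example, not code from Sitecore or Mandiant: it flags static `machineKey` values and compares them against a denylist of fingerprints. The denylist entry and both sample configs are constructed placeholders, since the article does not list the actual key values.

```python
import hashlib
import xml.etree.ElementTree as ET

def _fingerprint(key):
    # Hex keys are case-insensitive; hash them so no key material sits in the denylist.
    return hashlib.sha256(key.strip().upper().encode()).hexdigest()

# Constructed placeholder, NOT a real key: replace with fingerprints of the sample
# keys named in the vendor advisory (the article does not list their values).
SAMPLE_KEY_FINGERPRINTS = {_fingerprint("PLACEHOLDER_SAMPLE_KEY")}

def audit_machine_key(config_xml, denylist=SAMPLE_KEY_FINGERPRINTS):
    """Return (attribute, finding) pairs for every <machineKey> in a web.config."""
    findings = []
    for el in ET.fromstring(config_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "machineKey":  # tolerate an xmlns on <configuration>
            continue
        for attr in ("validationKey", "decryptionKey"):
            value = el.get(attr, "AutoGenerate")  # ASP.NET default when the attribute is absent
            if value.split(",")[0].strip().lower() == "autogenerate":
                continue  # per-machine generated key, nothing static to leak
            if _fingerprint(value) in denylist:
                findings.append((attr, "published-sample-key"))  # rotate immediately
            else:
                findings.append((attr, "static-key"))  # acceptable only if unique and secret
    return findings

# Constructed sample configs for demonstration.
CONFIG_SAMPLE_KEY = """<configuration><system.web>
  <machineKey validationKey="placeholder_sample_key" decryptionKey="0123ABCD" validation="SHA1" />
</system.web></configuration>"""
CONFIG_AUTOGEN = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate" />
</system.web></configuration>"""

if __name__ == "__main__":
    for name, cfg in (("sample-key", CONFIG_SAMPLE_KEY), ("autogen", CONFIG_AUTOGEN)):
        print(name, audit_machine_key(cfg))
```

A `published-sample-key` finding means the key must be rotated and the host reviewed for compromise; a `static-key` finding is informational, since static keys are normal on multi-server deployments as long as they are unique and secret.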
Mandiant stopped the attack midway, which prevented researchers from observing the full attack life cycle. They still managed to find WEEPSTEEL, a piece of malware designed for internal reconnaissance. This malware collects system information as well as process, disk and network data. It exfiltrates the data by disguising it as a standard ViewState response.
Other tools used by the attackers included EarthWorm, a network tunneling tool and reverse SOCKS proxy; DWAgent, a remote access tool; and the popular archiver 7-Zip.
While Mandiant led the investigation and disrupted the attack, it did not formally attribute it to a nation-state or criminal group. That said, the tactics, tools and operational maturity suggest a targeted campaign by a sophisticated actor, possibly with prior experience in exploiting ASP.NET environments.
Sitecore is a digital experience platform (DXP) that counts large brands, including Nestlé, Subway, Suzuki and Procter & Gamble, as customers to provide personalized and scalable digital experiences.
Via BleepingComputer



