216.73.217.64

ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

· Published 04/09/2025 17:54 · Modified 04/09/2025 21:45

Export JSON

Essential information

Published
04/09/2025 17:54
Modified
04/09/2025 21:45
Tags
2025-09-04 CVE-2025-53690 deserialization dwagent earthworm lateral movement privilege-escalation reconnaissance remote code execution sharphound sitecore viewstate weepsteel
Related entities
15 techniques (mitre)

Description

A critical vulnerability () was discovered in products, affecting deployments using an exposed sample machine key. The attacker exploited this to achieve , progressing from initial compromise to privilege escalation. Key events included deploying malware for , archiving sensitive files, staging tools like and , creating local admin accounts, dumping credentials, and performing Active Directory with . The attack demonstrated sophisticated knowledge of the target system and leveraged various techniques for persistence and . has addressed the issue and notified affected customers.

External references