Hackers exploited Sitecore zero-day flaw to deploy backdoors

Sitecore zero-day vulnerability springs up from exposed machine key

An attacker exploited a zero-day vulnerability in Sitecore stemming from a misconfiguration of public ASP.NET machine keys that customers implemented based on the vendor’s documentation, according to researchers. The critical zero-day defect — CVE-2025-53690 — was exploited by the attacker using exposed keys to achieve remote code execution, Mandiant Threat Defense said in a report Wednesday. The sample machine keys were included in Sitecore’s d…

Hackers exploited Sitecore zero-day flaw to deploy backdoors

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware.

Researchers warn of zero-day vulnerability in SiteCore products

Mandiant said it was able to disarm a ViewState deserialization attack leveraging exposed ASP.NET keys.

Hackers Exploited Sitecore Zero-day Flaw To Deploy Backdoors - Cybernoz - Cybersecurity News

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2017 Sitecore guides. Some customers reused this key in production, allowing attackers with knowledge of the key to craft valid, but malicious ‘_VIEWSTATE’ payloads t…

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) - Help Net Security

A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud. Deployed instance…

Google Alerts to Active Exploitation of Sitecore Zero-Day Flaw

Security teams have issued a warning after Google researchers detected active attacks exploiting a new zero-day vulnerability in Sitecore products. Tracked as CVE-2025-53690, this flaw allows attackers to run code on unpatched servers by tampering with the ViewState mechanism in ASP.NET. Sitecore, a popular content management system, published deployment guides in 2017 and earlier that included […] The post Google Alerts to Active Exploitation o…