- Sitecore patches a critical zero-day deserialization flaw that affects legacy deployments
- Threat actors exploited the vulnerability to deploy malware such as Weepsteel
- Mandiant intervened mid-attack, preventing full damage
The popular Sitecore CMS platform has patched a critical zero-day vulnerability that is being abused in cyberattacks.
Mandiant security researchers observed threat actors exploiting the zero-day flaw to deploy malware, as well as other legitimate software.
The flaw stems from the use of ASP.NET sample machine keys published in old deployment guides (before 2017), and is now tracked as CVE-2025-53690. It was given a severity score of 9.0/10 (critical).
Weepsteel and other problems
The zero-day is described as a critical deserialization vulnerability affecting Sitecore Experience Manager (XM), Sitecore Experience Platform (XP), Sitecore Experience Commerce (XC) and Managed Cloud versions up to 9.0, when deployed using the sample ASP.NET machine key included in documentation prior to 2017.
XM Cloud, Content Hub, CDP, Personalize, OrderCloud, Storefront, Send, Discover, Search and Commerce Server are not affected.
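The root cause above is a machine key copied from public documentation, so every site that reused it shares the key that signs and encrypts ViewState. As an added example (not from the original article or from Sitecore), the following Python script audits a web.config for a machineKey that reuses a published sample value or is too short, and prints a freshly generated replacement. The KNOWN_SAMPLE_KEYS values and the web.config fragment are constructed placeholders, not the real keys from any guide.

```python
"""Audit an ASP.NET web.config <machineKey> and emit a fresh replacement."""
import re
import secrets
import xml.etree.ElementTree as ET

# Constructed placeholders: in practice, fill this set with the key values
# found in any deployment guide or template that was ever copied verbatim.
KNOWN_SAMPLE_KEYS = {
    "0123456789ABCDEF" * 8,   # placeholder validationKey (64 bytes, hex)
    "FEDCBA9876543210" * 4,   # placeholder decryptionKey (32 bytes, hex)
}
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def audit_machine_key(web_config_xml: str) -> list:
    """Return a list of findings for the <machineKey> in a web.config string."""
    findings = []
    mk = ET.fromstring(web_config_xml).find("./system.web/machineKey")
    if mk is None:
        # No explicit key: ASP.NET auto-generates one per server.
        return ["no <machineKey> element: keys are auto-generated per server"]
    for attr, min_bytes in (("validationKey", 64), ("decryptionKey", 32)):
        value = mk.get(attr, "")
        if value.upper() in KNOWN_SAMPLE_KEYS:
            findings.append(f"{attr} matches a published sample key")
        elif value.startswith("AutoGenerate"):
            continue  # runtime-generated, not a shared static value
        elif not HEX_RE.match(value) or len(value) < min_bytes * 2:
            findings.append(f"{attr} is not a {min_bytes}-byte hex key")
    return findings


def fresh_machine_key() -> str:
    """Build a <machineKey> element with CSPRNG keys (HMACSHA256 + AES)."""
    return ('<machineKey validationKey="{}" decryptionKey="{}" '
            'validation="HMACSHA256" decryption="AES" />').format(
            secrets.token_hex(64).upper(), secrets.token_hex(32).upper())


# Constructed web.config fragment that reuses the placeholder sample keys.
SAMPLE_WEB_CONFIG = f"""<configuration>
  <system.web>
    <machineKey validationKey="{'0123456789ABCDEF' * 8}"
                decryptionKey="{'FEDCBA9876543210' * 4}"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for finding in audit_machine_key(SAMPLE_WEB_CONFIG):
        print("FINDING:", finding)
    print("Replacement:", fresh_machine_key())
```

Rotating the key invalidates existing ViewState and forms-authentication tickets, so roll it out to every node of a web farm at the same time.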
Mandiant stopped the attack mid-execution, which prevented the researchers from observing the complete attack lifecycle. Even so, they found Weepsteel, a piece of malware designed for internal reconnaissance. It gathers system information as well as process, disk and network data, and exfiltrates it disguised as standard ViewState responses.
Other tools the attackers used were Earthworm, a network tunneling and reverse SOCKS proxy, Dwagent, a remote access tool, and the popular 7-Zip archiver.
Although Mandiant led the investigation and interrupted the attack, it did not make a formal attribution to a nation-state or criminal group. That said, the tactics, tools and operational maturity suggest a targeted campaign by a well-resourced actor, possibly with prior experience exploiting ASP.NET environments.
Sitecore is a digital experience platform (DXP) that counts major brands, including Nestlé, Subway, Suzuki and Procter & Gamble, as clients, offering personalized and scalable digital experiences.
Via BleepingComputer