Threat actors are exploiting CVE-2025-53690 (CVSS 9.0), a critical remote code execution vulnerability in Sitecore Experience Manager and Platform versions prior to 9.0, Google reports. The attacks use a sample ASP.NET machine key from outdated deployment guides to carry out ViewState deserialization, which enables deployment of the WeepSteel malware for internal reconnaissance, data exfiltration, and persistent unauthorized access. Sitecore has addressed the defect, issuing an advisory and confirming that updated deployments now generate unique keys. The incident underscores the ongoing risk from unpatched or misconfigured enterprise systems.
Google has reported a critical remote code execution vulnerability (CVE-2025-53690, CVSS 9.0) affecting Sitecore Experience Manager and Platform versions prior to 9.0. The vulnerability stems from a legacy issue: a static, sample ASP.NET machine key from pre-2017 deployment guides was used, allowing adversaries to conduct ViewState deserialization attacks against unauthenticated public-facing pages. The attack chain is sophisticated, involving the deployment of the 'WeepSteel' malware for internal reconnaissance, exfiltration of sensitive files, and the installation of open-source tools for network tunneling and remote access. The attackers also used advanced persistence techniques, including creating administrator accounts and disabling password expiration. Sitecore has since mitigated the issue by ensuring new deployments generate unique keys and has notified affected customers, but the incident highlights the significant and persistent risk posed by misconfigured or unpatched legacy enterprise systems. The slightly positive sentiment signal for Alphabet (GOOGL, GOOG) reflects Google's role in discovering and publicizing the threat, reinforcing its brand and credibility in the cybersecurity domain.
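For defenders, the static machine key described above can be audited directly in a deployment's `web.config`. The following is an added example, not code from Google or Sitecore: the key values and the denylist entry are constructed placeholders, and the function name `audit_machine_key` is hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed placeholder keys, NOT the real sample key from any guide.
PLACEHOLDER_PUBLISHED_KEY = "0123456789ABCDEF" * 4
PLACEHOLDER_PRIVATE_KEY = "A1B2C3D4" * 8

# Assumption: populate this set with SHA-256 digests of keys that appear in
# published deployment guides or vendor advisories.
KNOWN_PUBLISHED_KEY_SHA256 = {
    hashlib.sha256(PLACEHOLDER_PUBLISHED_KEY.encode()).hexdigest(),
}

def audit_machine_key(web_config_xml):
    """Return (attribute, verdict) findings for every <machineKey> element."""
    findings = []
    root = ET.fromstring(web_config_xml)
    # iter() also reaches machineKey elements nested under <location> blocks.
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr)
            # A missing attribute or AutoGenerate means ASP.NET creates the key
            # itself, so no shared secret is stored in the file.
            if value is None or value.upper().startswith("AUTOGENERATE"):
                continue
            digest = hashlib.sha256(value.strip().upper().encode()).hexdigest()
            if digest in KNOWN_PUBLISHED_KEY_SHA256:
                # Anyone holding the guide can sign ViewState: rotate the key now.
                findings.append((attr, "known-published"))
            else:
                # Hard-coded but not listed: confirm it is unique per deployment.
                findings.append((attr, "static"))
    return findings

# Constructed sample configs for the demonstration.
LEGACY_CONFIG = f"""<configuration><system.web>
  <machineKey validationKey="{PLACEHOLDER_PUBLISHED_KEY}"
              decryptionKey="{PLACEHOLDER_PRIVATE_KEY}"
              validation="SHA1" decryption="AES" />
</system.web></configuration>"""

GENERATED_CONFIG = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate" />
</system.web></configuration>"""

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_CONFIG), ("generated", GENERATED_CONFIG)):
        print(name, audit_machine_key(cfg))
```

A `known-published` verdict means the key should be rotated and the host reviewed for the post-exploitation activity the report describes, such as new administrator accounts.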
Overall Sentiment
moderately negative
Sentiment Score
-0.50