What's Happening?
A zero-day vulnerability in Sitecore has been exploited due to a misconfiguration involving public ASP.NET machine keys. The flaw, identified as CVE-2025-53690, allows attackers to achieve remote code execution by using exposed keys. The vulnerability affects Sitecore Experience Platform 9.0 and earlier versions, as well as Experience Manager and Experience Commerce when deployed in multi-instance mode with static machine keys. Mandiant Threat Defense reported the issue, highlighting the risk of ViewState deserialization attacks due to compromised validation keys.
Why Is It Important?
This vulnerability poses a significant risk to organizations using Sitecore, as it allows attackers to gain unauthorized access and potentially steal sensitive data. The exploitation of public machine keys underscores the importance of secure configuration practices in software deployment. Organizations affected by this vulnerability may face operational disruptions, data breaches, and reputational damage. The incident highlights the need for vigilance in cybersecurity practices and the importance of regularly updating and securing software configurations.
What's Next?
Sitecore and cybersecurity experts recommend rotating machine keys and searching for evidence of ViewState deserialization attacks. Organizations are advised to review their deployment practices to ensure unique and secure keys are used. The incident may prompt Sitecore to revise its documentation and provide clearer guidance on secure configuration practices. Affected organizations will need to assess the extent of the compromise and implement measures to prevent future attacks.
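The two remediation steps above (checking whether a deployment still carries static, public or weak ASP.NET machine keys, and rotating them) can be scripted. The following is an added example, not code from Sitecore, Mandiant or the article; every web.config snippet and the "known published key" list in it are constructed placeholders, and the minimum key lengths are an assumption about what a hardened HMACSHA256/AES configuration should use.

```python
"""Audit ASP.NET <machineKey> settings for the static-key misconfiguration
discussed above and generate fresh keys for rotation.

Added example (not Sitecore's or Mandiant's code). All web.config text and
the KNOWN_PUBLIC_KEYS list are constructed placeholders, not real keys.
"""
import re
import secrets
import xml.etree.ElementTree as ET

# Assumed minimum sizes for a hardened configuration:
# HMACSHA256 validation key = 64 bytes (128 hex chars),
# AES decryption key = 32 bytes (64 hex chars).
MIN_VALIDATION_HEX = 128
MIN_DECRYPTION_HEX = 64
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")

# Constructed stand-in for keys copied from public documentation/samples.
KNOWN_PUBLIC_KEYS = {"DEADBEEF" * 8}

# Constructed weak config: short keys, and the validation key is "published".
WEAK_CONFIG = f"""<configuration><system.web>
  <machineKey validationKey="{'DEADBEEF' * 8}" decryptionKey="{'CAFEBABE' * 4}"
              validation="HMACSHA256" decryption="AES" />
</system.web></configuration>"""


def audit_machine_key(config_xml: str, known_public_keys=()) -> list[str]:
    """Return findings for one web.config string (empty list = nothing flagged)."""
    findings = []
    mk = ET.fromstring(config_xml).find("./system.web/machineKey")
    if mk is None:
        return findings  # no explicit element: framework auto-generates keys
    checks = (("validationKey", mk.get("validationKey", ""), MIN_VALIDATION_HEX),
              ("decryptionKey", mk.get("decryptionKey", ""), MIN_DECRYPTION_HEX))
    for name, value, min_len in checks:
        if not value or value.startswith("AutoGenerate"):
            continue
        if value in known_public_keys:
            findings.append(f"{name} matches a publicly known sample key")
        if not HEX_RE.match(value):
            findings.append(f"{name} is not hexadecimal")
        elif len(value) < min_len:
            findings.append(f"{name} too short ({len(value)} hex chars)")
    return findings


def find_shared_keys(configs: dict[str, str]) -> dict[str, list[str]]:
    """Map each validationKey reused across several deployments to their names.

    Instances of ONE multi-instance deployment legitimately share a key;
    unrelated deployments (e.g. different customers or environments) should not.
    """
    by_key: dict[str, list[str]] = {}
    for name, xml_text in configs.items():
        mk = ET.fromstring(xml_text).find("./system.web/machineKey")
        vkey = mk.get("validationKey") if mk is not None else None
        if vkey:
            by_key.setdefault(vkey, []).append(name)
    return {k: names for k, names in by_key.items() if len(names) > 1}


def generate_machine_key() -> str:
    """Produce a fresh, random <machineKey> element for key rotation.

    Use one generated element per deployment and copy it to every instance
    of that deployment only; never reuse it elsewhere.
    """
    return ('<machineKey validationKey="%s" decryptionKey="%s" '
            'validation="HMACSHA256" decryption="AES" />'
            % (secrets.token_hex(64).upper(), secrets.token_hex(32).upper()))


def wrap(machine_key_xml: str) -> str:
    """Embed a <machineKey> element in a minimal constructed web.config."""
    return f"<configuration><system.web>{machine_key_xml}</system.web></configuration>"


if __name__ == "__main__":
    for finding in audit_machine_key(WEAK_CONFIG, KNOWN_PUBLIC_KEYS):
        print("FINDING:", finding)
    shared = find_shared_keys({"siteA": WEAK_CONFIG, "siteB": WEAK_CONFIG,
                               "siteC": wrap(generate_machine_key())})
    for key, names in shared.items():
        print("validationKey shared by", names)
    print("Replacement element:", generate_machine_key())
```

Run it against the real web.config of each instance and against the key material in any deployment templates; the `known_public_keys` argument is where an operator would supply the sample values their own documentation or templates once shipped, so that copies of those values are caught even when they are otherwise long enough.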