AI description
CVE-2025-27218 is a pre-authentication remote code execution (RCE) vulnerability affecting Sitecore Experience Manager (XM) and Experience Platform (XP) versions 8.2 through 10.4. The flaw lets unauthenticated attackers execute arbitrary code on vulnerable servers. It stems from unsafe deserialization in Sitecore's use of the .NET BinaryFormatter class, specifically in the MachineKeyTokenService.IsTokenValid method. Exploitation consists of crafting a malicious serialized payload and delivering it in the ThumbnailsAccessToken HTTP header, which bypasses authentication checks and results in command execution with the privileges of the WindowsIdentity under which the application runs. Patches are available (KB1002844), and organizations running Sitecore are strongly urged to update immediately. As of today, March 6, 2025, exploit development is likely underway, making prompt patching crucial.
- Description
- Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.
- Source
- cve@mitre.org
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- Source
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- Weakness
- CWE-94
- Hype score
- Not currently trending
CISA KEV alert 25/03/26: a Sitecore CMS/XP vulnerability discovered 6 years ago has been added https://t.co/zaDPdgGNXo An old vulnerability in Sitecore CMS/XP has been added to the CISA KEV. Just the other day, on 2025/03/06, "Sitecore vulnerability CVE-2025-27218 FIXED: RCE requiring no authentication
@iototsecnews
7 Apr 2025
29 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This week's RCEs are locked in: Tomcat Partial PUT Java Deserialization, CmsMadeSimple, and Sitecore CVE-2025-27218. Plus, we've added more PKCS12 certificate storage. https://t.co/61en5S4FSR
@metasploit
4 Apr 2025
2974 Impressions
7 Retweets
27 Likes
2 Bookmarks
0 Replies
0 Quotes
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 https://t.co/N0aDbnbkIh @SLCyberSec https://t.co/SPsGIhXbBC
@sans_isc
27 Mar 2025
1059 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 https://t.co/N0aDbnbSxP https://t.co/nEUt7EgLgB
@sans_isc
27 Mar 2025
264 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Sitecore: Unsafe Deserialisation Again! (CVE-2025-27218) › Searchlight Cyber https://t.co/Edrz7dlAVo https://t.co/eU7iw4pDvr
@z0_enix
8 Mar 2025
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Our security research team discovered a pre-auth RCE (CVE-2025-27218) in Sitecore XP 10.4. You can read our research here: https://t.co/CzoIe0mlO2
@assetnote
6 Mar 2025
4186 Impressions
12 Retweets
103 Likes
24 Bookmarks
0 Replies
0 Quotes
Nice assessment of Sitecore XM + XP remote code execution CVE-2025-27218 c/o @rapid7's pen testing team 🎉 https://t.co/N1FHZsXeV6
@catc0n
5 Mar 2025
2708 Impressions
10 Retweets
37 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2025-27218 Unauthenticated Remote Code Execution in Sitecore Experience Manager 10.4 https://t.co/AXHQzkSCZn
@VulmonFeeds
20 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27218 Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization. https://t.co/2qHoGxgwEV
@CVEnew
20 Feb 2025
485 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes