AI description
CVE-2025-27218 is a pre-authentication remote code execution (RCE) vulnerability affecting Sitecore Experience Manager (XM) and Experience Platform (XP) versions 8.2 through 10.4. This flaw allows unauthenticated attackers to execute arbitrary code on vulnerable servers. The vulnerability stems from unsafe deserialization practices within Sitecore's implementation of the .NET BinaryFormatter class, specifically within the MachineKeyTokenService.IsTokenValid method. Exploitation is achieved by crafting a malicious serialized payload and delivering it through the ThumbnailsAccessToken HTTP header. This bypasses authentication checks and allows the execution of commands with WindowsIdentity privileges. Patches are available (KB1002844), and organizations using Sitecore are strongly urged to update their systems immediately. As of today, March 6, 2025, exploit development is likely underway, making prompt patching crucial.
- Description: Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.
- Source: cve@mitre.org
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 5.3
- Impact score: 1.4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity: MEDIUM
- Weakness (source 134c704f-9b21-4f2e-91b3-4a467353bcc0): CWE-94
- Hype score: Not currently trending
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 https://t.co/N0aDbnbkIh @SLCyberSec https://t.co/SPsGIhXbBC
@sans_isc
27 Mar 2025
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 https://t.co/N0aDbnbSxP https://t.co/nEUt7EgLgB
@sans_isc
27 Mar 2025
Sitecore: Unsafe Deserialisation Again! (CVE-2025-27218) › Searchlight Cyber https://t.co/Edrz7dlAVo https://t.co/eU7iw4pDvr
@z0_enix
8 Mar 2025
Our security research team discovered a pre-auth RCE (CVE-2025-27218) in Sitecore XP 10.4. You can read our research here: https://t.co/CzoIe0mlO2
@assetnote
6 Mar 2025
Nice assessment of Sitecore XM + XP remote code execution CVE-2025-27218 c/o @rapid7's pen testing team 🎉 https://t.co/N1FHZsXeV6
@catc0n
5 Mar 2025
CVE-2025-27218 Unauthenticated Remote Code Execution in Sitecore Experience Manager 10.4 https://t.co/AXHQzkSCZn
@VulmonFeeds
20 Feb 2025
CVE-2025-27218 Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization. https://t.co/2qHoGxgwEV
@CVEnew
20 Feb 2025