A newly disclosed critical vulnerability in Sitecore Experience Platform (CVE-2025-27218) allows unauthenticated attackers to execute arbitrary code on unpatched systems. The flaw, rooted in insecure deserialization practices, affects Sitecore Experience Manager (XM) and Experience Platform (XP) versions 8.2 through 10.4 prior to patch KB1002844. Security firm Assetnote discovered the vulnerability, which leverages Sitecore’s misuse of […]
The post Sitecore 0-Day Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.
This article has been indexed from Cyber Security News