Sitecore “thumbnailsaccesstoken” Deserialization Scans (and some new reports) CVE-2025-27218, (Thu, Mar 27th)

On March 6th, Searchlight Cyber published a blog revealing details about a new deserialization vulnerability in Sitecore [1]. Sitecore calls itself a “Digital Experience Platform (CXP),” which is a fancy content management system (CMS). Sitecore itself is written in .Net and is often sold as part of a solution offered by Sitecore partners. Like other CMSs, it makes it easy to manage a website's content. It offers several attractive features to marketing professionals seeking more insight into user patterns.

This article has been indexed from SANS Internet Storm Center, InfoCON: green

Read the original article: