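PoC details: 885f56d858a96c2cbcfc4e5f21787eb798322cca

Source
Related vulnerability
Title: Sitecore Experience Manager security vulnerability (CVE-2025-53690)
Description: Sitecore Experience Manager (XM) is a management software product from the Danish company Sitecore. Sitecore Experience Manager 9.0 and earlier and Sitecore Experience Platform 9.0 and earlier contain a security vulnerability that stems from deserialization of untrusted data and may lead to code injection.
Description
CVE-2025-53690
Introduction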
## CVE-2025-53690: Critical Remote Code Execution Vulnerability in Sitecore XM/XP

CVE-2025-53690 is a critical vulnerability in Sitecore's Experience Manager (XM) and Experience Platform (XP), versions up to 9.0. It stems from insecure deserialization of untrusted data and is exploited through exposed ASP.NET machine keys. The flaw allows attackers to execute arbitrary code remotely, potentially compromising the affected systems.

### Vulnerability Details

* **Type**: Deserialization of Untrusted Data (CWE-502)
* **Severity**: Critical
* **CVSS Score**: 9.0
* **Impacted Versions**: Sitecore Experience Manager (XM) and Experience Platform (XP) through version 9.0
* **Exploitation Method**: Attackers exploit exposed machine keys from public deployment guides to perform remote code execution via ViewState deserialization attacks.

### Attack Vector

The vulnerability arises when Sitecore applications deserialize ViewState data without proper validation, allowing attackers to inject malicious code. This issue is particularly critical for internet-facing deployments using default or exposed machine keys.

### Real-World Exploitation

Mandiant Threat Defense identified active exploitation of this vulnerability, where attackers leveraged the exposed machine key to gain unauthorized access. The attack chain included:

1. **Initial Compromise**: Exploitation of the ViewState deserialization flaw to execute arbitrary code.
2. **Malware Deployment**: Installation of reconnaissance tools like WEEPSTEEL for internal network mapping.
3. **Credential Harvesting**: Collection of sensitive files and creation of local administrator accounts to dump system credentials.
4. **Lateral Movement**: Use of compromised credentials for further system access.

### Mitigation

Sitecore has released patches addressing CVE-2025-53690. Affected users are urged to apply these updates promptly. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities Catalog, recommending remediation by September 25, 2025.

For detailed guidance, refer to Sitecore's Security Bulletin SC2025-005.
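
Because the exposure described above depends on default or published machine keys, a deployment's `web.config` can be audited for static `<machineKey>` values. The following is an added example, not code from the original README or from Sitecore; the sample configuration, the key values, and the `KNOWN_EXPOSED_KEYS` set are constructed placeholders to be replaced with values from the vendor bulletin.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample web.config; the key values are made-up placeholders, not real keys.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="FEDCBA9876543210FEDCBA9876543210"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>"""

# Placeholder set: fill with the key values that the vendor bulletin lists as exposed.
KNOWN_EXPOSED_KEYS = {"0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"}


def fingerprint(key):
    """Short SHA-256 fingerprint so reports never echo the key itself."""
    return hashlib.sha256(key.upper().encode("ascii", "replace")).hexdigest()[:12]


def audit_machine_key(config_xml, known_exposed=frozenset()):
    """Return (severity, message) findings for one web.config document."""
    findings = []
    exposed = {k.upper() for k in known_exposed}
    root = ET.fromstring(config_xml)
    # <location> blocks can carry their own <system.web>, so search the whole tree.
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate").strip()
            # "AutoGenerate[,IsolateApps]" means the runtime generates the key itself.
            if value.split(",")[0].strip().lower() == "autogenerate":
                continue
            fp = fingerprint(value)
            if value.upper() in exposed:
                findings.append(("critical", f"{attr} (sha256:{fp}) matches a known exposed key"))
            else:
                findings.append(("review", f"{attr} (sha256:{fp}) is static; confirm it is unique to this deployment"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_machine_key(SAMPLE_WEB_CONFIG, KNOWN_EXPOSED_KEYS):
        print(f"[{severity}] {message}")
```
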
File snapshot

[4.0K] /data/pocs/885f56d858a96c2cbcfc4e5f21787eb798322cca
└── [2.1K] README.md

0 directories, 1 file