sitecore News Articles
Recent news articles refferecing the vendors vulnerabilities.
The Hacker NewsCVE-2025-53690CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
CVE-2025-53690, a critical Sitecore flaw (CVSS 9.0), exploited since Dec 2024, enables RCE and data theft.
Hackers exploited Sitecore zero-day flaw to deploy backdoors
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware.
watchTowr LabsIs b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform
Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025. We’ve spent a bit of time recently looking at CMS’s given the basic fact that they represent attractive targets for
Searchlight CyberCVE-2025-27218Sitecore: Unsafe Deserialisation Again! (CVE-2025-27218) › Searchlight Cyber
Assetnote, now a searchlight cyber company, has uncovered a zero day REMOTE COMMAND EXECUTION VULNERABILITY in SITECORE EXPERIENCE PLATFORM new Sitecore vulnerabilities discovered