CVE-2025-27218
Published: 20 February 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27218 is a remote code execution vulnerability affecting Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 in versions prior to the KB1002844 fix. The root cause is insecure deserialization, mapped to CWE-94, which allows an attacker to execute arbitrary code on affected systems. The vulnerability carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), reflecting a network-reachable, low-complexity attack.
Unauthenticated remote attackers can exploit this vulnerability without any privileges or user interaction. Exploitation involves sending crafted serialized data to the application, leading to remote code execution on the server; note, however, that the published CVSS metrics reflect only low confidentiality impact with no integrity or availability impact.
Sitecore's knowledge base article at https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003535 describes the issue. The fix is delivered as KB1002844, which addresses the insecure deserialization flaw in XM and XP 10.4.
Details
- CWE(s): CWE-94
MITRE ATT&CK Enterprise Techniques
- T1190: Exploit Public-Facing Application
Why these techniques?
The CVE describes an unauthenticated remote code execution vulnerability in the public-facing Sitecore XM/XP web application, reached via insecure deserialization. Exploiting it is a direct instance of exploiting a public-facing application to gain initial access to a network.