- Sitecore has patched a critical zero-day deserialization flaw affecting legacy deployments
- Threat actors have exploited the vulnerability to deploy malware such as WeepSteel
- Mandiant intervened mid-attack, preventing full damage
The popular Sitecore CMS platform has patched a critical zero-day vulnerability that is being exploited in cyberattacks.
Mandiant security researchers have observed threat actors exploiting the zero-day flaw to deploy malware, as well as other, legitimate software.
The flaw stems from the use of sample ASP.NET machine keys published in old deployment guides (pre-2017), and is now tracked as CVE-2025-53690. It received a severity score of 9.0/10 (critical).
WeepSteel and other misfortunes
The zero-day is described as a critical deserialization vulnerability affecting Sitecore Experience Manager (XM), Sitecore Experience Platform (XP), Experience Commerce (XC) and Managed Cloud versions up to 9.0, when they are deployed using the sample ASP.NET machine key included in the pre-2017 documentation.
XM Cloud, Content Hub, CDP, Personalize, OrderCloud, Storefront, Send, Discover, Search and Commerce Server are apparently not impacted.
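Because the root cause is a machine key copied from documentation, a defender can audit each deployment's web.config for statically configured keys. The following is an added example, not code from Sitecore or Mandiant; the sample key, the digest set and the function name are constructed for illustration, and the real published key values must come from the vendor advisory.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed stand-in for a documentation sample key (NOT a real Sitecore key).
CONSTRUCTED_SAMPLE_KEY = "0123456789ABCDEF" * 4
# Assumption: digests of published keys are loaded from the vendor advisory;
# here the set holds only the constructed stand-in.
KNOWN_PUBLISHED_DIGESTS = {hashlib.sha256(CONSTRUCTED_SAMPLE_KEY.encode()).hexdigest()}


def audit_machine_key(web_config_xml):
    """Return (attribute, verdict) findings for every <machineKey> in a web.config."""
    root = ET.fromstring(web_config_xml)
    findings = []
    for mk in root.iter("machineKey"):  # also covers keys nested under <location>
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr)
            if value is None or value.startswith("AutoGenerate"):
                continue  # ASP.NET generates the key itself; nothing copied
            # Static keys may carry modifiers such as ",IsolateApps"; hex is case-insensitive.
            key = value.split(",")[0].strip().upper()
            digest = hashlib.sha256(key.encode()).hexdigest()
            if digest in KNOWN_PUBLISHED_DIGESTS:
                findings.append((attr, "published-sample-key"))  # rotate immediately
            else:
                findings.append((attr, "static-key-review-origin"))  # confirm it is unique
    return findings


# Constructed sample inputs for the demonstration.
VULNERABLE_CONFIG = """<configuration><system.web>
  <machineKey validationKey="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
              decryptionKey="FEDCBA9876543210FEDCBA9876543210"
              validation="SHA1" decryption="AES" />
</system.web></configuration>"""

SAFE_CONFIG = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""

if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE_CONFIG), ("safe", SAFE_CONFIG)):
        print(name, audit_machine_key(cfg))
```

A "published-sample-key" finding means the key should be rotated and the host reviewed for signs of compromise; a "static-key-review-origin" finding only asks for confirmation that the key was generated uniquely for that deployment.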
Mandiant stopped the attack mid-execution, which prevented the researchers from observing its full life cycle. However, they did find WeepSteel, a piece of malware designed for internal reconnaissance. This malware gathers system information, as well as process, disk and network data. It exfiltrates the data by disguising it as standard ViewState responses.
Other tools the attackers used included EarthWorm, a network tunneling and reverse proxy tool; DWAgent, a remote access tool; and the popular archiver 7-Zip.
While Mandiant conducted the investigation and disrupted the attack, it did not formally attribute it to a nation-state or criminal group. That said, the tactics, tools and operational maturity suggest a targeted campaign by a well-resourced actor, perhaps with previous experience in exploiting ASP.NET environments.
Sitecore is a digital experience platform (DXP) that counts major brands, including Nestlé, Subway, Suzuki and Procter & Gamble, as customers, which use it to deliver personalized and scalable digital experiences.
Via BleepingComputer