Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping malware on infected machines.

All versions of Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud remain "potentially impacted" by CVE-2025-53690 , a ViewState deserialization vulnerability, if they are deployed in a multi-instance mode with customer-managed static machine keys, the business software provider warned in a Wednesday security bulletin.

The bug is due to a configuration issue - not a software hole - and affects customers using the sample key provided with deployment instructions for Sitecore XP 9.0 or earlier and Sitecore Active Directory 1.4 and earlie

See Full Page