CISA Adds Sitecore CMS Code Execution Vulnerability to List of Known Exploited Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two critical Sitecore CMS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerabilities, CVE-2019-9874 and CVE-2019-9875, both affect the Sitecore.Security.AntiCSRF module and could allow attackers to execute arbitrary code on vulnerable systems.
Critical Vulnerabilities Details and Impact
CVE-2019-9874, with a CVSS score of 9.8, represents a severe security risk as it allows unauthenticated attackers to exploit a deserialization vulnerability to achieve remote code execution.
The exploit focuses on tampering with the __CSRFTOKEN HTTP POST parameter by injecting a maliciously crafted serialized .NET object.
The second vulnerability, CVE-2019-9875 (CVSS 8.8), affects the same module but requires authentication. While this presents a higher barrier to entry, the attack’s simplicity and potential impact remain significant.
Once logged in, threat actors can weaponize the same deserialization vector to hijack the server.
“The deserialization vulnerability occurs at a stage prior to application logic execution, allowing attackers to bypass security controls entirely.”
Using tools like ysoserial.net, attackers can encode payloads that execute PowerShell commands to establish remote shells or deploy malware without triggering typical security alarms.
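The detection check a defender would want for the vector described above, written here as an added example that is not from the original article or from Sitecore or CISA: a Python script that scans logged POST bodies and flags a __CSRFTOKEN parameter whose base64 decoding begins with the .NET BinaryFormatter SerializationHeaderRecord, or that is anomalously long for an anti-CSRF token. The sample request bodies are constructed for the example, the 256-character length threshold is an assumption, and the shape of a legitimate Sitecore token is not taken from the article; the header bytes are the documented BinaryFormatter stream header.

```python
import base64
import binascii
from typing import Optional
from urllib.parse import parse_qs, urlencode

# A .NET BinaryFormatter stream opens with a SerializationHeaderRecord:
# record type 0x00, RootId=1, HeaderId=-1, MajorVersion=1, MinorVersion=0,
# each int32 little-endian. Base64 of this prefix is "AAEAAAD/////AQAAAAAAAAA".
BINARYFORMATTER_HEADER = bytes.fromhex("00 01000000 ffffffff 01000000 00000000")

# Assumed threshold: a genuine anti-CSRF token should be far shorter than this.
MAX_TOKEN_LENGTH = 256


def decode_base64_loose(value: str) -> Optional[bytes]:
    """Decode standard or URL-safe base64, tolerating missing padding.
    Returns None when the value is not valid base64 at all."""
    s = value.strip().replace("-", "+").replace("_", "/")
    s += "=" * (-len(s) % 4)
    try:
        return base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None


def analyze_body(body: str) -> list:
    """Return a list of human-readable findings for one form-encoded POST body."""
    findings = []
    params = parse_qs(body, keep_blank_values=True)
    for token in params.get("__CSRFTOKEN", []):
        if len(token) > MAX_TOKEN_LENGTH:
            findings.append(f"__CSRFTOKEN length {len(token)} exceeds {MAX_TOKEN_LENGTH}")
        raw = decode_base64_loose(token)
        if raw is not None and raw.startswith(BINARYFORMATTER_HEADER):
            findings.append("__CSRFTOKEN decodes to a .NET BinaryFormatter stream")
    return findings


def scan_log(bodies) -> list:
    """Scan a sequence of logged bodies; return (index, findings) for each hit."""
    hits = []
    for idx, body in enumerate(bodies):
        findings = analyze_body(body)
        if findings:
            hits.append((idx, findings))
    return hits


# Constructed sample bodies, as a reverse proxy or WAF might log them
# (not real Sitecore traffic). Body 1 carries a BinaryFormatter header
# followed by inert zero bytes, which is enough to trip the signature.
SAMPLE_BODIES = [
    urlencode({"__CSRFTOKEN": "3f9c1d2a7b5e4c1a", "__EVENTTARGET": "ctl00", "q": "shoes"}),
    urlencode({"__CSRFTOKEN": base64.b64encode(BINARYFORMATTER_HEADER + b"\x00" * 48).decode(),
               "__EVENTTARGET": "ctl00"}),
    urlencode({"__EVENTTARGET": "ctl00", "q": "shoes"}),
    urlencode({"__CSRFTOKEN": "A" * 300}),
]

if __name__ == "__main__":
    for idx, findings in scan_log(SAMPLE_BODIES):
        print(f"request {idx}: " + "; ".join(findings))
```

The header check is the high-confidence signal, since no legitimate anti-CSRF token should decode to a serialized object graph; the length check is a weaker, tunable heuristic that also catches encodings the first check does not recognise. Either finding on a request to a Sitecore host is worth an alert and a look at the source address in the context of the workarounds below.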
The vulnerabilities are summarized as follows:
| Risk Factor | CVE-2019-9874 | CVE-2019-9875 |
|---|---|---|
| Affected Products | Sitecore CMS 7.0–7.2 and XP 7.5–8.2 | Sitecore versions up to 9.1.0 |
| Impact | Remote Code Execution | Remote Code Execution |
| Exploit Prerequisites | Unauthenticated access | Authenticated access |
| CVSS 3.1 Score | 9.8 (Critical) | 8.8 (High) |
These vulnerabilities affect multiple versions of Sitecore software:
- CVE-2019-9874 impacts Sitecore CMS 7.0–7.2 and XP 7.5–8.2
- CVE-2019-9875 affects Sitecore versions up to 9.1.0
CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply available patches no later than April 16, 2025. The vulnerabilities were added to the KEV catalog on March 26, 2025, signaling their active exploitation status.
Mitigation Measures
Sitecore released fixes shortly after the initial discovery of these vulnerabilities in 2019, but many organizations remain unpatched. Mitigation options include:
- For versions prior to 9.0, a hotfix is available via Sitecore KB Article 334035
- For versions 9.0 and above, upgrading to Sitecore 9.1 Update-1 resolves the issue
Organizations unable to immediately apply patches can implement temporary workarounds by denying access to the \Website\sitecore\shell folder on all Sitecore instances or implementing IP-based restrictions to limit access to trusted addresses.
“Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework,” CISA advises.
The resurgence of these six-year-old vulnerabilities highlights the persistent nature of security threats, even for previously disclosed and patched issues.
Security professionals are urged to review their Sitecore deployments immediately and take appropriate action to mitigate these actively exploited vulnerabilities.
The post CISA Adds Sitecore CMS Code Execution Vulnerability to List of Known Exploited Vulnerabilities appeared first on Cyber Security News.