WeepSteel Rises: Attackers Exploit Critical Sitecore Deserialization Bug

Executive Summary

A critical zero-day vulnerability in Sitecore, tracked as CVE-2025-53690, has been exploited in the wild to deploy the WeepSteel backdoor. This flaw, an insecure deserialization issue, allows attackers to craft malicious ViewState payloads using default or sample ASP.NET machineKey values. Exploitation leads to remote code execution (RCE) on vulnerable Sitecore servers, enabling credential […]

The post WeepSteel Rises: Attackers Exploit Critical Sitecore Deserialization Bug appeared first on SecPod Blog.