CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Apr 16, 2025
High
CISA KEVCVE-2019-9874
Sitecore—CMS and Experience Platform (XP)
Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.
Required Action
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB0334035 ; https://nvd.nist.gov/vuln/detail/CVE-2019-9874
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Mar 26, 2025
- KEV Added
- Mar 26, 2025
- Due Date
- Apr 16, 2025
- Related Articles
- 0
Vendor
Sitecore
CMS and Experience Platform (XP)