CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

Summary: CISA has added two critical vulnerabilities affecting Sitecore CMS to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. These flaws allow attackers to execute arbitrary code through deserialization vulnerabilities. Additionally, there are ongoing exploit attempts against DrayTek devices and a new vulnerability in the Next.js web framework.

Affected: Sitecore CMS, DrayTek devices, Next.js web framework

Key points:

  • CVE-2019-9874 (CVSS score: 9.8) allows unauthenticated attackers to execute arbitrary code via a serialized .NET object.
  • CVE-2019-9875 (CVSS score: 8.8) enables authenticated attackers to do the same, affecting the Sitecore.Security.AntiCSRF module.
  • Federal agencies must patch these vulnerabilities by April 16, 2025.
  • Initial exploit attempts have been observed against a newly disclosed Next.js vulnerability (CVE-2025-29927).
  • DrayTek devices are also under active exploitation, with several vulnerabilities being targeted and Indonesia and the U.S. as the main attack destinations.

Source: https://thehackernews.com/2025/03/cisa-flags-two-six-year-old-sitecore.html