Subj : One of the world's most popular CMS tools has an embarrassing sec
To   : All
From : TechnologyDaily
Date : Wed Jun 18 2025 14:15:07

One of the world's most popular CMS tools has an embarrassing security flaw, so patch immediately

Date: Wed, 18 Jun 2025 13:03:00 +0000

Description: Three Sitecore bugs can be chained to achieve RCE and thousands are apparently at risk.

FULL STORY
======================================================================

- The Sitecore CMS had an account with a hardcoded password
- Threat actors could use it to upload arbitrary files, achieving RCE
- Thousands of endpoints are potentially at risk

Sitecore Experience Platform, an enterprise-level content management system (CMS), carried three vulnerabilities which, when chained together, allowed threat actors a full takeover of vulnerable servers, experts have warned.

Cybersecurity researchers at watchTowr found that the first flaw is a hardcoded password for an internal user: a single letter, "b", making it trivial to guess. The account does not have admin privileges, but watchTowr found that malicious users could authenticate via an alternate login path, which would give them authenticated access to internal endpoints.

Patching the flaws

This sets the stage for the exploitation of the second flaw, described as a Zip Slip in the Sitecore Upload Wizard. In a nutshell, the now-authenticated attackers can upload malicious files because of insufficient path sanitization combined with the way Sitecore maps paths. As a result, they can write arbitrary files into the webroot.
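The Zip Slip pattern described above is an archive whose member names climb out of the upload directory. The following is an added example, not code from the article or from Sitecore: a defender-side check that normalises member names (treating backslashes as separators, as a Windows host would) and rejects any archive containing a member that would resolve outside the extraction root. The sample archive is constructed in the block; the member names and the webroot-escaping name are assumptions for illustration.

```python
import io
import posixpath
import zipfile


def normalise_entry(name: str) -> str:
    """Treat backslashes as separators (a Windows host does) and collapse
    '.' and '..' segments so traversal cannot hide behind mixed notation."""
    return posixpath.normpath(name.replace("\\", "/"))


def is_traversal(name: str) -> bool:
    """True if the member would resolve outside the extraction root."""
    norm = normalise_entry(name)
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return True  # absolute path or drive-letter prefix
    return norm == ".." or norm.startswith("../")


def unsafe_entries(zip_bytes: bytes) -> list[str]:
    """Detection helper: original names of members that fail the check."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if is_traversal(i.filename)]


def vet_archive(zip_bytes: bytes) -> list[str]:
    """Return the normalised relative paths an extractor may write under its
    root, or reject the whole archive if any member traverses."""
    bad = unsafe_entries(zip_bytes)
    if bad:
        raise ValueError(f"archive rejected, traversal members: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [normalise_entry(i.filename) for i in zf.infolist()]


def build_sample_zip(traversal: bool) -> bytes:
    """Constructed sample (not a real payload): a benign member plus, optionally,
    one whose name climbs out of the upload directory the way Zip Slip relies on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("media/logo.txt", "benign content")
        if traversal:
            zf.writestr("..\\..\\dropped.txt", "must never reach the webroot")
    return buf.getvalue()


def sample_results() -> tuple[list[str], list[str]]:
    """Vet both constructed archives; second element is the rejected member list."""
    return vet_archive(build_sample_zip(False)), unsafe_entries(build_sample_zip(True))
```

The same check belongs in front of any server-side extractor; rejecting the whole archive rather than skipping bad members avoids partially-applied uploads.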
These two issues alone could be enough to cause serious damage on the compromised server, but the problems don't stop there. If the website has the Sitecore PowerShell Extensions (SPE) module installed, which is commonly bundled with SXA, attackers can upload arbitrary files to specific paths, bypassing extension or location restrictions and resulting in a reliable RCE.

All Sitecore versions from 10.1 to 10.4 are apparently vulnerable, which translates to roughly 22,000 publicly exposed instances at press time. Just because they're all accessible and running these versions, however, doesn't necessarily mean they're all vulnerable.

"Sitecore is deployed across thousands of environments, including banks, airlines, and global enterprises, so the blast radius here is massive," watchTowr CEO Benjamin Harris told BleepingComputer. "And no, this isn't theoretical: we've run the full chain, end-to-end. If you're running Sitecore, it doesn't get worse than this: rotate creds and patch immediately before attackers inevitably reverse engineer the fix."

So far there have been no reports of abuse in the wild, but a patch is available now, so users should update as soon as possible.

======================================================================
Link to news story: https://www.techradar.com/pro/security/one-of-the-worlds-most-popular-cms-tools-has-an-embarrassing-security-flaw-so-patch-immediately

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)