Cyber threat actors are exploiting a zero-day vulnerability in legacy Sitecore systems to deploy WeepSteel reconnaissance malware. This vulnerability, CVE-2025-53690, allows remote code execution through misconfigured ASP.NET machine keys, leading to sensitive data collection and further malicious activities. #CVE202553690 #WeepSteelMalware
Key points
- Threat actors exploited a zero-day vulnerability in legacy Sitecore deployments to deploy malware.
- The flaw stems from a ViewState deserialization vulnerability caused by reused ASP.NET machine keys.
- Attackers targeted the `/sitecore/blocked.aspx` endpoint to achieve remote code execution on IIS servers.
- The deployed payload, WeepSteel, conducts system reconnaissance and exfiltrates information covertly.
- Mitigation involves replacing static machine keys with unique, encrypted keys and rotating them regularly.
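One way a defender can verify the mitigation in the last point, as an added example that is not from the original post: a Python audit that flags plaintext static `<machineKey>` values in ASP.NET web.config files and the same key reused across sites. The file paths and key values are constructed placeholders, not real keys.

```python
"""Audit ASP.NET web.config files for static or reused <machineKey> values."""
import xml.etree.ElementTree as ET
from collections import defaultdict


def machine_key_findings(configs):
    """configs: {path: web.config XML text}. Returns a list of (path, issue) tuples."""
    findings = []
    seen = defaultdict(list)  # (attribute, key value) -> paths that use it
    for path, xml_text in configs.items():
        web = ET.fromstring(xml_text).find("system.web")
        mk = web.find("machineKey") if web is not None else None
        if mk is None:
            continue  # no element: ASP.NET auto-generates per-app keys
        if mk.get("configProtectionProvider"):
            continue  # section encrypted at rest (aspnet_regiis -pe), nothing in plaintext
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate,IsolateApps")
            if value.startswith("AutoGenerate"):
                continue
            findings.append((path, f"static {attr} stored in plaintext"))
            seen[(attr, value)].append(path)
    # A key shared by several sites lets a ViewState forged for one site be accepted by all of them
    for (attr, _), paths in seen.items():
        if len(paths) > 1:
            findings.append((", ".join(sorted(paths)), f"{attr} reused across {len(paths)} configs"))
    return findings


# Constructed sample configs (placeholder keys): two sites sharing one static key, one encrypted section.
STATIC_KEY = "0123456789ABCDEF" * 8
_STATIC_XML = f"""<configuration><system.web>
  <machineKey validationKey="{STATIC_KEY}" decryptionKey="{STATIC_KEY[:64]}"
              validation="HMACSHA256" decryption="AES"/>
</system.web></configuration>"""
SAMPLE_CONFIGS = {
    "siteA/web.config": _STATIC_XML,
    "siteB/web.config": _STATIC_XML,
    "siteC/web.config": """<configuration><system.web>
  <machineKey configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"/>
  </machineKey>
</system.web></configuration>""",
}

if __name__ == "__main__":
    for path, issue in machine_key_findings(SAMPLE_CONFIGS):
        print(f"{path}: {issue}")
```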