module

Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit

Disclosed
Jan 6, 2025

Description

This module exploits a .NET deserialization vulnerability in Sitecore Experience Manager (XM) and Experience
Platform (XP) 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header.
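
For defenders, the delivery described above can be spotted in request logs or at a proxy, because a BinaryFormatter stream starts with a fixed MS-NRBF header record that survives Base64 encoding. The following is an added detection example, not code from the module or from Sitecore. The function names and the header name X-Example-Token are hypothetical, and the sample requests are constructed.

```python
import base64
import re
import struct
from urllib.parse import unquote

# Runs of Base64 characters long enough to carry the 17-byte stream header.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}")


def is_nrbf_header(raw: bytes) -> bool:
    """True if raw begins with an MS-NRBF SerializationHeaderRecord."""
    if len(raw) < 17:
        return False
    # RecordType (1 byte), then RootId, HeaderId, MajorVersion, MinorVersion
    # as little-endian int32. The format fixes RecordType=0, Major=1, Minor=0.
    rec_type, _root, _hdr, major, minor = struct.unpack_from("<Biiii", raw)
    return rec_type == 0 and major == 1 and minor == 0


def suspicious_headers(headers: dict) -> list:
    """Return names of headers whose value embeds a Base64 BinaryFormatter stream."""
    hits = []
    for name, value in headers.items():
        # Undo percent-encoding first, since '/' and '+' are often escaped.
        for run in B64_RUN.findall(unquote(value)):
            # The first 24 Base64 characters decode to exactly 18 bytes.
            if is_nrbf_header(base64.b64decode(run[:24])):
                hits.append(name)
                break
    return hits


# Constructed sample data: an empty stream (header record + MessageEnd record),
# carrying no object graph. X-Example-Token is a placeholder header name.
EMPTY_STREAM = struct.pack("<Biiii", 0, 1, -1, 1, 0) + b"\x0b"
SAMPLE_REQUESTS = [
    {"User-Agent": "Mozilla/5.0",
     "Cookie": "session=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"},
    {"User-Agent": "Mozilla/5.0",
     "X-Example-Token": base64.b64encode(EMPTY_STREAM).decode()},
]

if __name__ == "__main__":
    for number, request in enumerate(SAMPLE_REQUESTS, start=1):
        print(number, suspicious_headers(request))
```

The check decodes and validates the header fields rather than matching only the common AAEAAAD///// prefix, so it still fires when RootId or HeaderId differ from the usual values.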