module

Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit

Disclosed
Jan 6, 2025

Description

This module exploits a .NET deserialization vulnerability in Sitecore Experience Manager (XM) and Experience
Platform (XP) 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header.