module
Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit
| Disclosed |
|---|
| Jan 6, 2025 |
Disclosed
Jan 6, 2025
Description
This module exploits a .NET deserialization vulnerability in Sitecore Experience Manager (XM) and Experience
Platform (XP) 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header.
Platform (XP) 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.