Description
Sitecore XP is a .NET content management system.
Sitecore XP uses unsafe deserialization in Report.ashx. Arbitrary object deserialization is inherently unsafe and should never be performed on untrusted data. An attacker can leverage this vulnerability to execute arbitrary code on the system.
Remediation
Upgrade to the latest version of Sitecore XP.
References
Related Vulnerabilities
Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability
Telerik Web UI RadAsyncUpload Deserialization
TimThumb WebShot remote code execution
Sitecore XM/XP Insecure Deserialization (CVE-2025-27218)
WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5)