CVE-2019-9875
Severity: HIGH (CISA KEV)
Sitecore CMS < 9.1 - Authenticated Remote Code Execution via Anti-CSRF Module Deserialization
Title source: llm

Exploitation Summary
CVE-2019-9875 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 26, 2025.
Description
Deserialization of Untrusted Data in the anti-CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
References (4)
Product, Vendor Advisory: https://dev.sitecore.net/Downloads.aspx
Third Party Advisory: https://www.synacktiv.com/blog.html
Exploit, Patch, Third Party Advisory: https://www.synacktiv.com/ressources/advisories/Sitecore_CSRF_deserialize_RCE.pdf
US Government Resource: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-9875
Scores
CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.5670
EPSS Percentile: 98.2%
Attack Vector: NETWORK
CISA SSVC (Vulnrichment)
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2025-03-26
VulnCheck KEV: 2025-03-26
ENISA EUVD: EUVD-2019-19231
CWE: CWE-502
Status: published
Products (1)
sitecore/cms < 9.1

Published: May 31, 2019
KEV Added: Mar 26, 2025
Tracked Since: Feb 18, 2026