CVE-2019-9875
Published: 31 May 2019
Summary
CVE-2019-9875 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Sitecore CMS. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 1.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2019-9875 is a deserialization of untrusted data vulnerability (CWE-502) affecting the anti-CSRF module in Sitecore versions through 9.1. The flaw permits an attacker to supply a malicious serialized .NET object that is processed without sufficient validation, leading to arbitrary code execution on the server.
An authenticated attacker with low privileges can exploit the issue over the network by submitting the crafted object inside an HTTP POST parameter; no further interaction from a victim user is required. Because the object is deserialized in the web application's process, successful exploitation yields code execution with the application's privileges and full control over the instance, which is the high confidentiality, integrity and availability impact reflected in the CVSS 8.8 score.
Sitecore has published updates through its official Downloads portal, while Synacktiv has released a detailed advisory and technical PDF describing the flaw and recommended remediation steps.
The vendor and Synacktiv references themselves report no observed in-the-wild exploitation; the CISA KEV listing (26 March 2025) is the only exploitation evidence cited on this page, and KEV inclusion itself indicates CISA has evidence of active exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19231
Vulnerability details
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
- CWE(s): CWE-502 (Deserialization of Untrusted Data)
- KEV Date Added: 26 March 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Sitecore CMS, versions through 9.1 (anti-CSRF module)
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of all input, including serialized .NET objects arriving in HTTP POST parameters, so that malformed or untrusted data is rejected before any deserialization occurs.
- SI-2 (Flaw Remediation): mandates prompt application of the vendor patches that remove the unsafe deserialization path in the anti-CSRF module.
- SI-7 (Software, Firmware, and Information Integrity): requires integrity verification of software and information to detect or block tampered serialized objects that could lead to code execution.
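As an added illustration, not Sitecore's code and not taken from the Synacktiv advisory, the C# below shows the CWE-502 pattern described in the deeper analysis (a BinaryFormatter sink fed directly from a POST parameter) beside the hardened form that SI-10 calls for: the anti-CSRF token is treated as opaque, session-bound, HMAC-authenticated data that is checked in constant time and never deserialized. The parameter handling, token layout, session identifier and key source are hypothetical assumptions made for the example; it targets .NET Framework, where BinaryFormatter is still callable, and the vulnerable method is shown but never invoked.

```csharp
// Added example (not Sitecore's code): CWE-502 sink behind CVE-2019-9875
// beside a hardened replacement. Token layout, session id and key source
// are hypothetical assumptions for this illustration.
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Security.Cryptography;
using System.Text;

public static class CsrfTokenCheck
{
    // --- Vulnerable shape (assumed): the POST parameter is base64-decoded and
    // handed straight to BinaryFormatter. Deserialize() instantiates whatever
    // types the stream names and runs their deserialization callbacks, so a
    // gadget chain in the payload executes before any "validation" can happen.
    public static object VulnerableParse(string postedValue)
    {
        byte[] raw = Convert.FromBase64String(postedValue);
        using (var stream = new MemoryStream(raw))
        {
            return new BinaryFormatter().Deserialize(stream); // CWE-502 sink
        }
    }

    // --- Hardened: no deserializer in the path. The token is an opaque value,
    // bound to the session and protected by an HMAC; the server recomputes the
    // expected tag and compares in constant time. Untrusted bytes are never
    // interpreted as a type graph, so a crafted .NET object is just a string
    // that fails to match.
    public static string Issue(string sessionId, byte[] serverKey)
    {
        byte[] nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        byte[] tag = Mac(sessionId, nonce, serverKey);
        return Convert.ToBase64String(nonce) + "." + Convert.ToBase64String(tag);
    }

    public static bool Validate(string postedValue, string sessionId, byte[] serverKey)
    {
        if (string.IsNullOrEmpty(postedValue)) return false;
        string[] parts = postedValue.Split('.');
        if (parts.Length != 2) return false;
        byte[] nonce, tag;
        try
        {
            nonce = Convert.FromBase64String(parts[0]);
            tag = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException) { return false; } // malformed input: reject, do not parse further
        if (nonce.Length != 16) return false;
        return FixedTimeEquals(tag, Mac(sessionId, nonce, serverKey));
    }

    // HMAC over sessionId || nonce; nonce has fixed length so the encoding is unambiguous.
    private static byte[] Mac(string sessionId, byte[] nonce, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
        {
            byte[] sid = Encoding.UTF8.GetBytes(sessionId);
            byte[] msg = new byte[sid.Length + nonce.Length];
            Buffer.BlockCopy(sid, 0, msg, 0, sid.Length);
            Buffer.BlockCopy(nonce, 0, msg, sid.Length, nonce.Length);
            return hmac.ComputeHash(msg);
        }
    }

    // Constant-time comparison so the tag check does not leak bytes via timing.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string token = Issue("session-123", key);
        Console.WriteLine(Validate(token, "session-123", key));   // True
        Console.WriteLine(Validate(token, "other-session", key)); // False: token is session-bound
        // Constructed input: base64 of a BinaryFormatter stream header
        // (00 01 00 00 00 FF FF FF FF 01 00 00 00 00 00 00 00). The hardened
        // check treats it as a non-matching string; nothing is deserialized.
        Console.WriteLine(Validate("AAEAAAD/////AQAAAAAAAAA=", "session-123", key)); // False
    }
}
```

The design point is that the fix removes the deserializer from the request path entirely rather than trying to filter what it deserializes: Microsoft's own guidance is that BinaryFormatter cannot be made safe against untrusted input, and a type allow-list binder is not treated as a sufficient mitigation. For a deployed Sitecore instance the remediation remains the vendor update (SI-2); the snippet shows what that class of fix has to achieve.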