CVE-2019-9875CISA KEVEPSS p96.1%
CVE-2019-9875Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Sitecore / CMS and Experience Platform (XP)
Description
Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.
Scoring
| EPSS | 14.15% probability of exploitation · percentile 96.1% · 2026-06-18T12:00:27Z |
CISA KEV entry
Added to KEV: 2025-03-26
(incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Sitecore CMS and Experience Platform (XP) Deserialization Vulnerabilitykev-cve-2019-9875 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.