Loading
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Use CWE-502, Sitecore vendor hub and Experience Platform product page to widen CVE-2021-42237 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-53690, CVE-2025-53693 and CVE-2023-35813 for nearby disclosures in the same product family.