<ul><li>U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog.</li><li>CISA added Sitecore CMS and XP deserialization vulnerabilities (CVE-2019-9875 and CVE-2019-9874) and GitHub Action embedded malicious code vulnerability (CVE-2025-30154).</li><li>CVE-2019-9875 allows authenticated attackers to execute arbitrary code in Sitecore CMS and Experience Platform.</li><li>CISA orders federal agencies to fix the vulnerabilities by specified dates.</li></ul>

U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

Discover more