{"id":1449,"date":"2025-09-06T14:05:02","date_gmt":"2025-09-06T05:05:02","guid":{"rendered":"https:\/\/readtrends.com\/ko\/sitecore-cve-2025-53690\/"},"modified":"2025-09-06T14:05:02","modified_gmt":"2025-09-06T05:05:02","slug":"sitecore-cve-2025-53690","status":"publish","type":"post","link":"https:\/\/readtrends.com\/ko\/sitecore-cve-2025-53690\/","title":{"rendered":"Sitecore zero-day CVE-2025-53690: ViewState weakness exploited worldwide"},"content":{"rendered":"<article>\n<p>Summary: In September 2025, an ASP.NET ViewState deserialization vulnerability (CVE-2025-53690) was identified in Sitecore's main products (Experience Manager, Experience Platform, Experience Commerce), and signs of its exploitation in real attacks worldwide were detected. Attackers achieved remote code execution (RCE) using a sample ASP.NET machine key included in documentation, and security vendors have issued response advisories.<\/p>\n<h2>Key Takeaways<\/h2>\n<ul>\n<li>CVE-2025-53690 is a vulnerability in ASP.NET ViewState deserialization that allows remote code execution with an exposed machine key.<\/li>\n<li>Affected scope: major products including Sitecore XM, XP and Experience Commerce.<\/li>\n<li>Mandiant's investigation confirmed that the attacks occurred in environments using the sample machine key included in deployment guides from 2017 and earlier.<\/li>\n<li>Attacks 
have been observed in the wild worldwide, and on some servers intrusion and attempts at long-term persistence are suspected.<\/li>\n<li>Recommended actions: rotate all ASP.NET machine keys, encrypt the machineKey element in web.config, and minimize file access permissions.<\/li>\n<li>Many similar ViewState-based attacks have been reported this year, so the risk is ongoing (CVE-2025-30406, CVE-2025-3935, CVE-2025-53770).<\/li>\n<li>Security management failure (use of default values and sample keys) is cited as the root cause, and verification in the CI\/CD deployment process needs to be strengthened.<\/li>\n<\/ul>\n<h2>Verified Facts<\/h2>\n<p>The vulnerability CVE-2025-53690 relates to ASP.NET's handling of ViewState deserialization. ViewState is used to maintain state between server and client and is normally signed and encrypted with the machineKey. 
If that same key is exposed externally, however, an attacker can craft a forged ViewState and attempt remote code execution.<\/p>\n<p>Security firm Mandiant reported that in this case the attacker succeeded in intruding by targeting an environment that used the sample machine key from Sitecore documentation unchanged. Mandiant said its emergency response blocked further attacks, but it was unable to fully confirm the entire compromise process and the scope of impact.<\/p>\n<p>Microsoft publicly warned in February 2025 that thousands of exposed ASP.NET machine keys could be abused. This year, a series of cases exploited through ViewState or similar chains has been reported, including Gladinet CentreStack (CVE-2025-30406), ConnectWise ScreenConnect (CVE-2025-3935) and Microsoft SharePoint Server (CVE-2025-53770).<\/p>\n<h2>Context &#038; Impact<\/h2>\n<p>This incident is regarded as a textbook case in which, beyond the mere existence of a vulnerability, a configuration management failure leads to an actual compromise. 
Systems that still have default values, sample keys or default accounts are quickly targeted by automated scanning and exploit tools.<\/p>\n<p>The impact goes beyond RCE on a single server and is likely to expand into long-term threats such as backdoor installation, privilege escalation and internal persistence after the intrusion. The risk of data exfiltration and service disruption is especially high in web-based CMS and e-commerce environments.<\/p>\n<p>In addition to applying patches, organizations are advised to take the following immediate actions: 1) rotate all ASP.NET machineKey values, 2) encrypt the machineKey element in web.config, 3) restrict access to that file to administrators only, 4) verify in the deployment pipeline (CI\/CD) that no default or sample values are included.<\/p>\n<h2>Official Statements<\/h2>\n<blockquote>\n<p>We recommend closely inspecting customer environments, immediately replacing exposed machine keys, and strengthening access controls on web configuration files.<\/p>\n<p><cite>Sitecore security 
advisory<\/cite><\/p><\/blockquote>\n<aside>\n<details>\n<summary>Explainer: What are ViewState and machineKey?<\/summary>\n<p>ViewState is a mechanism that stores the state of an ASP.NET page on the client side. The machineKey is the secret key used to sign and encrypt ViewState; if it leaks, forged or tampered ViewState can lead to arbitrary code execution. Safe management hinges on ensuring key uniqueness, encrypting the file, and access control.<\/p>\n<\/details>\n<\/aside>\n<h2>Unconfirmed<\/h2>\n<ul>\n<li>The attacker's identity (nation or organization) and any broader backing connections have not been confirmed at this time.<\/li>\n<li>A complete investigation of whether data exfiltration or further malicious activity occurred on every compromised server has not been completed.<\/li>\n<li>Some aspects of the initial intrusion path (whether it was chained with other vulnerabilities) require further analysis.<\/li>\n<\/ul>\n<h2>Bottom Line<\/h2>\n<p>The CVE-2025-53690 incident shows that a technical vulnerability combined with a configuration management failure can pose serious risk to an organization. 
Immediate inspection and rotation of machine keys, web.config encryption and access controls are recommended, and overall security policy, including CI\/CD pipelines and deployment documentation, should be reviewed.<\/p>\n<h2>Sources<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.dailysecu.com\" target=\"_blank\" rel=\"noopener\">Dailysecu report<\/a><\/li>\n<li><a href=\"https:\/\/www.mandiant.com\" target=\"_blank\" rel=\"noopener\">Mandiant investigation materials<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\" target=\"_blank\" rel=\"noopener\">Microsoft security advisory<\/a><\/li>\n<li><a href=\"https:\/\/www.tenable.com\" target=\"_blank\" rel=\"noopener\">Tenable research comment<\/a><\/li>\n<li><a href=\"https:\/\/www.sitecore.com\" target=\"_blank\" rel=\"noopener\">Sitecore security advisory<\/a><\/li>\n<\/ul>\n<\/article>\n","protected":false},"excerpt":{"rendered":"<p>Summary: In September 2025, an ASP.NET ViewState deserialization vulnerability (CVE-2025-53690) was identified in Sitecore's main products (Experience Manager, Experience Platform, Experience Commerce), and signs of its exploitation in real attacks worldwide were detected. Attackers achieved remote code execution (RCE) using a sample ASP.NET machine key included in documentation, and security vendors have issued response advisories. 
Key Takeaways CVE-2025-53690 is a vulnerability in ASP.NET ViewState deserialization, and with an exposed machine key remote code execution &#8230; <a title=\"Sitecore zero-day CVE-2025-53690: ViewState weakness exploited worldwide\" class=\"read-more\" href=\"https:\/\/readtrends.com\/ko\/sitecore-cve-2025-53690\/\" aria-label=\"Learn more about Sitecore zero-day CVE-2025-53690: ViewState weakness exploited worldwide\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":1446,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"Sitecore zero-day CVE-2025-53690 response advisory | Dailysecu","rank_math_description":"Signs have been confirmed that the ViewState zero-day CVE-2025-53690 found in Sitecore products has been exploited worldwide. 
Immediate responses such as machine key rotation and web.config encryption are required.","rank_math_focus_keyword":"Sitecore,ViewState,CVE-2025-53690,machine key,remote code execution","footnotes":""},"categories":[2],"tags":[],"class_list":["post-1449","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-top-stories"],"_links":{"self":[{"href":"https:\/\/readtrends.com\/ko\/wp-json\/wp\/v2\/posts\/1449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/readtrends.com\/ko\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/readtrends.com\/ko\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/readtrends.com\/ko\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/readtrends.com\/ko\/wp-json\/wp\/v2\/comments?post=1449"}],"version-history":[{"count":0,"href":"https:\/\/readtrends.com\/ko\/wp-json\/wp\/v2\/posts\/1449\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/readtrends.com\/ko\/wp-json\/wp\/v2\/media\/1446"}],"wp:attachment":[{"href":"https:\/\/readtrends.com\/ko\/wp-json\/wp\/v2\/media?parent=1449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/readtrends.com\/ko\/wp-json\/wp\/v2\/categories?post=1449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/readtrends.com\/ko\/wp-json\/wp\/v2\/tags?post=1449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}