Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker?&web_view=true
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776