All the vulnerabilites related to Sitecore - Experience Manager (XM)
cve-2025-53690
Vulnerability from cvelistv5
Published
2025-09-03 20:04
Modified
2025-09-05 03:55
Severity ?
EPSS score ?
Summary
Sitecore Products ViewState Deserialization Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Sitecore | Experience Manager (XM) | |
| Sitecore | Experience Platform (XP) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53690",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53690"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T03:55:32.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-09-04T00:00:00+00:00",
"value": "CVE-2025-53690 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Experience Manager (XM)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Experience Platform (XP)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eCustomers who followed the deployment instructions provided with XP 9.0 or earlier and Active Directory 1.4 or earlier and used the sample machine key (for example, machine key: BDDFE367CD..., validation key: 0DAC68D020...) are vulnerable.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Customers who followed the deployment instructions provided with XP 9.0 or earlier and Active Directory 1.4 or earlier and used the sample machine key (for example, machine key: BDDFE367CD..., validation key: 0DAC68D020...) are vulnerable."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mandiant Threat Defense"
}
],
"datePublic": "2025-09-03T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.\u003cp\u003eThis issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T20:04:48.223Z",
"orgId": "9947ef80-c5d5-474a-bbab-97341a59000e",
"shortName": "Wiz"
},
"references": [
{
"url": "https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability"
},
{
"url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003865"
}
],
"source": {
"discovery": "USER"
},
"title": "Sitecore Products ViewState Deserialization Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9947ef80-c5d5-474a-bbab-97341a59000e",
"assignerShortName": "Wiz",
"cveId": "CVE-2025-53690",
"datePublished": "2025-09-03T20:04:48.223Z",
"dateReserved": "2025-07-08T14:21:02.028Z",
"dateUpdated": "2025-09-05T03:55:32.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-34138
Vulnerability from cvelistv5
Published
2025-07-25 15:54
Modified
2025-07-25 18:16
Severity ?
EPSS score ?
Summary
Sitecore XM/XP/XC and Managed Cloud 9.2 - 10.4 RCE
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003743 | vendor-advisory, patch | |
| https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003734 | vendor-advisory, patch | |
| https://www.vulncheck.com/advisories/sitecore-xm-xp-xc-managed-cloud-rce | third-party-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T18:16:39.786159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T18:16:54.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Experience Manager (XM)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "10.4 Initial Release",
"status": "affected",
"version": "9.2 Initial Release",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Experience Platform (XP)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "10.4 Initial Release",
"status": "affected",
"version": "9.2 Initial Release",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Experience Commerce (XC)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "10.4 Initial Release",
"status": "affected",
"version": "9.2 Initial Release",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Managed Cloud",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "10.4 Initial Release",
"status": "affected",
"version": "9.2 Initial Release",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sitecore"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Sitecore\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eExperience Manager (XM),\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eExperience Platform (XP),\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eExperience Commerce (XC), and\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eManaged Cloud that could allow remote code execution or\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eunauthorized access to information.\u003c/span\u003e\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003e\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003e\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003e\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eThis vulnerability affects all Experience Platform topologies (XM, XP, XC) from 9.2 Initial Release through 10.4 Initial Release. PaaS and containerized solutions are similarly affected.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in Sitecore\u00a0Experience Manager (XM),\u00a0Experience Platform (XP),\u00a0Experience Commerce (XC), and\u00a0Managed Cloud that could allow remote code execution or\u00a0unauthorized access to information.\u00a0This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 9.2 Initial Release through 10.4 Initial Release. PaaS and containerized solutions are similarly affected."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T15:54:47.306Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003743"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003734"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sitecore-xm-xp-xc-managed-cloud-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sitecore XM/XP/XC and Managed Cloud 9.2 - 10.4 RCE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34138",
"datePublished": "2025-07-25T15:54:47.306Z",
"dateReserved": "2025-04-15T19:15:22.562Z",
"dateUpdated": "2025-07-25T18:16:54.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-34139
Vulnerability from cvelistv5
Published
2025-07-25 15:54
Modified
2025-07-25 18:21
Severity ?
EPSS score ?
Summary
Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003650 | vendor-advisory, patch | |
| https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003661 | vendor-advisory, patch | |
| https://www.vulncheck.com/advisories/sitecore-xm-xp-xc-managed-cloud-arbitrary-file-read | third-party-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T18:20:58.705145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T18:21:11.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Experience Manager (XM)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "10.4 Initial Release and later",
"status": "affected",
"version": "8.0 Initial Release",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Experience Platform (XP)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "10.4 Initial Release and later",
"status": "affected",
"version": "8.0 Initial Release",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Experience Commerce (XC)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "10.4 Initial Release and later",
"status": "affected",
"version": "8.0 Initial Release",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Managed Cloud",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "10.4 Initial Release and later",
"status": "affected",
"version": "8.0 Initial Release",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sitecore"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Sitecore\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eExperience Manager (XM),\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eExperience Platform (XP),\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eExperience Commerce (XC), and\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eManaged Cloud that could allow an unauthenticated attacker to read arbitrary files\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003e.\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003e\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eThis vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in Sitecore\u00a0Experience Manager (XM),\u00a0Experience Platform (XP),\u00a0Experience Commerce (XC), and\u00a0Managed Cloud that could allow an unauthenticated attacker to read arbitrary files.\u00a0This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T15:54:25.297Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003650"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003661"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sitecore-xm-xp-xc-managed-cloud-arbitrary-file-read"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34139",
"datePublished": "2025-07-25T15:54:25.297Z",
"dateReserved": "2025-04-15T19:15:22.563Z",
"dateUpdated": "2025-07-25T18:21:11.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-53691
Vulnerability from cvelistv5
Published
2025-09-03 12:36
Modified
2025-09-03 13:49
Severity ?
EPSS score ?
Summary
Sitecore Experience Remote Code Execution through Insecure Deserialization
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Sitecore | Experience Manager (XM) | |
| Sitecore | Experience Platform (XP) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53691",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T13:49:10.233307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T13:49:39.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Experience Manager (XM)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "9.3",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Experience Platform (XP)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "9.3",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Piotr Bazydlo of watchTowr"
}
],
"datePublic": "2025-09-03T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).\u003cp\u003eThis issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T12:36:59.561Z",
"orgId": "9947ef80-c5d5-474a-bbab-97341a59000e",
"shortName": "Wiz"
},
"references": [
{
"url": "https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/"
},
{
"url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003667"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sitecore Experience Remote Code Execution through Insecure Deserialization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9947ef80-c5d5-474a-bbab-97341a59000e",
"assignerShortName": "Wiz",
"cveId": "CVE-2025-53691",
"datePublished": "2025-09-03T12:36:59.561Z",
"dateReserved": "2025-07-08T14:21:02.029Z",
"dateUpdated": "2025-09-03T13:49:39.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}