CVE-2025-53691

🗓️ 03 Sep 2025 12:36:59Reported by WizType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 23 Views

Untrusted data deserialization in Sitecore XM and XP enables remote code execution; affects XM and XP versions 9.0–10.4.

Reporter	Title	Published	Views	Family All 11
GithubExploit	Exploit for CVE-2025-53691	1 Sep 202514:43	–	githubexploit
GithubExploit	Exploit for CVE-2025-53691	1 Sep 202514:30	–	githubexploit
Circl	CVE-2025-53691	29 Aug 202514:35	–	circl
CNNVD	Sitecore Experience Manager 安全漏洞	3 Sep 202500:00	–	cnnvd
Cvelist	CVE-2025-53691 Sitecore Experience Remote Code Execution through Insecure Deserialization	3 Sep 202512:36	–	cvelist
EUVD	EUVD-2025-26499	3 Oct 202520:07	–	euvd
NVD	CVE-2025-53691	3 Sep 202513:15	–	nvd
Positive Technologies	PT-2025-35313	29 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-53691	5 Sep 202513:28	–	redhatcve
The Hacker News	Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution	29 Aug 202517:22	–	thn

NVD

Node

sitecore experience_commerceRange9.0–10.4

sitecore experience_managerRange9.0–10.4

sitecore experience_platformRange9.0–10.4

sitecore experience_platformMatch10.4-

sitecore managed_cloudMatch-

[
  {
    "defaultStatus": "unaffected",
    "product": "Experience Manager (XM)",
    "vendor": "Sitecore",
    "versions": [
      {
        "lessThanOrEqual": "9.3",
        "status": "affected",
        "version": "9.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.4",
        "status": "affected",
        "version": "10.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Experience Platform (XP)",
    "vendor": "Sitecore",
    "versions": [
      {
        "lessThanOrEqual": "9.3",
        "status": "affected",
        "version": "9.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.4",
        "status": "affected",
        "version": "10.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
support	www.support.sitecore.com/kb
labs	www.labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/

08 Sep 2025 18:30Current

7.2High risk

Vulners AI Score7.2

CVSS 3.18.8

EPSS0.05038

SSVC

CWE-502