CVE-2025-53691

Summary

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.

Affected Software

VendorProductVersion RangeStatus
SitecoreExperience Manager (XM)9.0 <= 9.3affected
SitecoreExperience Manager (XM)10.0 <= 10.4affected
SitecoreExperience Platform (XP)9.0 <= 9.3affected
SitecoreExperience Platform (XP)10.0 <= 10.4affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References