CVE-2025-53693

Summary

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.

Affected Software

VendorProductVersion RangeStatus
SitecoreSitecore Experience Manager (XM)9.0 <= 9.3affected
SitecoreSitecore Experience Manager (XM)10.0 <= 10.4affected
SitecoreExperience Platform (XP)9.0 <= 9.3affected
SitecoreExperience Platform (XP)10.0 <= 10.4affected

Weaknesses

  • CWE-470: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References