CVSS Base Score 8.8

CVE-2025-53691

Exploit

Sitecore Experience Remote Code Execution through Insecure Deserialization

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE). This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Data provided by the National Vulnerability Database (NVD)
Sitecore Experience Commerce, version >= 9.0 <= 10.4
Sitecore Experience Manager, version >= 9.0 <= 10.4
Sitecore Experience Platform, version >= 9.0 < 10.4
Sitecore Experience Platform, version 10.4 Update -
Sitecore Managed Cloud, version -
VulnDex Vulnerability Enrichment
This information is available to logged-in users.
No advisory warning was found for this CVE.
EPSS Metrics
Type   Source     Score   Percentile
EPSS   FIRST.org  1.44%   0.697
CVSS Metrics
Source                                 Base Score   Exploit Score   Impact Score   Vector String
9947ef80-c5d5-474a-bbab-97341a59000e   8.8          2.8             5.9            CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667
Vendor Advisory
https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/
Third Party Advisory
Exploit