VDB

CVE-2025-53690

CVE-2025-53690 PUBLISHED KEV CVSS 9 CRITICAL

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

EPSS 5.15% · 90.1th percentile

Risk Scores

CVSS 3.1
9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
5.15%
90.1th percentile

Affected Products

VendorProductVersions
sitecoreexperience_commerce0
SitecoreExperience Manager (XM)0
sitecoreexperience_platform0
sitecoremanaged_cloud
sitecoreexperience_manager0
SitecoreExperience Platform (XP)0

Exploit Intelligence

…and 96 more exploits

Timeline

  • Sep 3, 2025 Coalition ESS Score
  • Sep 3, 2025 PoC Published
  • Sep 3, 2025 PoC Published
  • Sep 3, 2025 PoC Published
  • Sep 3, 2025 CVE Published
  • Sep 3, 2025 PoC Published
  • Sep 3, 2025 PoC Published
  • Sep 3, 2025 PoC Published
  • Sep 4, 2025 CISA KEV Added
  • Sep 4, 2025 EPSS Score
  • Sep 4, 2025 PoC Published
  • Sep 4, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›