CVE-2025-53690

📊 9.0 CRITICAL⚡ 20.3%🎯 3 exploits🏛️ KEV Listed

📅 Published Sep 3, 2025

📋 Status: Analyzed

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

CVSS v3.1 • 9947ef80-c5d5-474a-bbab-97341a59000e

🎯 Affected Products & Systems

4 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	sitecore	experience commerce	≤ 9.0	Vulnerable	cpe:2.3:a:sitecore:experience_commerce::::::::
📱App	sitecore	experience manager	≤ 9.0	Vulnerable	cpe:2.3:a:sitecore:experience_manager::::::::
📱App	sitecore	experience platform	≤ 9.0	Vulnerable	cpe:2.3:a:sitecore:experience_platform::::::::
📱App	sitecore	managed cloud	All versions	Vulnerable	cpe:2.3:a:sitecore:managed_cloud:-:::::::*

📱

sitecore / experience commerce

Application

Vulnerable

Version: ≤ 9.0

CPE:

cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*

📱

sitecore / experience manager

Application

Vulnerable

Version: ≤ 9.0

CPE:

cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*

📱

sitecore / experience platform

Application

Vulnerable

Version: ≤ 9.0

CPE:

cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*

📱

sitecore / managed cloud

Application

Vulnerable

Version: All versions

CPE:

cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*

Metrics

9.0 CRITICALCVSS v3.19947ef80-c5d5-474a-bbab-97341a59000e

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector:

NETWORK

Complexity:

HIGH

Privileges:

NONE

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

CHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

9.0 (CRITICAL)v3.1

Source: 9947ef80-c5d5-474a-bbab-97341a59000e

EPSS Details

20.3% (Low)95.3th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Sep 3, 2025 (1 month ago)

Last Modified

Oct 30, 2025 (1 day ago)

Security Weaknesses1

CWE-502

Available exploits (3)

🔐 Sign-in Required

References3

NVDadvisorygeneral