Deserialization Vulnerability in Sitecore Experience Manager and Experience Platform
CVE-2025-53690
Key Information:
- Vendor: Sitecore
- CVE Published: 3 September 2025
What is CVE-2025-53690?
CVE-2025-53690 is a deserialization vulnerability in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP), affecting all versions up to and including 9.0. Sitecore is a widely used digital experience platform for managing content and customer experiences across digital channels. The weakness is deserialization of untrusted data (CWE-502): the application accepts serialized input it does not adequately validate and reconstructs objects from it, which lets an attacker inject code. In the exploitation reported for this CVE, attackers used an ASP.NET machine key that had been published in Sitecore's sample deployment documentation to sign malicious ViewState payloads, which the server then accepted and deserialized. Successful exploitation gives remote code execution on the web server, and with it the ability to read, modify, or control the underlying application, a serious risk for any organization that runs Sitecore as part of its digital operations.
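The practical check a Sitecore operator wants here is whether a deployment still carries a static ASP.NET machine key, and in particular one copied from published sample documentation, since a known key is what allows forged ViewState to pass signature validation. The PowerShell below is an added example and is not code from this page or from Sitecore: it reads a site's web.config, reports whether the `<machineKey>` is static, whether it matches a caller-supplied list of known sample keys, and whether it uses a weak algorithm, then generates a fresh random replacement element. The web.config path and the contents of `$KnownSampleKeys` are placeholders (assumptions) to be filled in from the vendor's advisory.

```powershell
# Added example (not from the advisory page or from Sitecore): audit a Sitecore
# web.config for the condition behind CVE-2025-53690 and generate a new machineKey.
# Assumptions: the web.config path and the $KnownSampleKeys values are placeholders.

function Test-SitecoreMachineKey {
    param(
        [Parameter(Mandatory)] [string]   $WebConfigPath,
        [string[]] $KnownSampleKeys = @()   # populate from vendor guidance (assumption)
    )
    [xml] $cfg = Get-Content -LiteralPath $WebConfigPath -Raw
    $mk = $cfg.SelectSingleNode('/configuration/system.web/machineKey')

    if ($null -eq $mk) {
        # No explicit element: ASP.NET auto-generates per-server keys. That defeats a
        # leaked sample key, but ViewState will not validate across a multi-server farm.
        return [pscustomobject]@{
            Path = $WebConfigPath; Static = $false; MatchesSample = $false
            WeakAlgorithm = $false; Action = 'None (keys are auto-generated)'
        }
    }

    $validationKey = $mk.GetAttribute('validationKey')
    $decryptionKey = $mk.GetAttribute('decryptionKey')
    $validation    = $mk.GetAttribute('validation')
    $decryption    = $mk.GetAttribute('decryption')

    # A key is static when it is a literal hex string rather than "AutoGenerate[,IsolateApps]".
    $static        = ($validationKey -notmatch 'AutoGenerate') -or ($decryptionKey -notmatch 'AutoGenerate')
    $matchesSample = ($KnownSampleKeys -contains $validationKey) -or ($KnownSampleKeys -contains $decryptionKey)
    $weakAlgorithm = ($validation -in @('MD5', 'SHA1', '3DES')) -or ($decryption -in @('3DES', 'DES'))

    $action = if ($matchesSample) { 'ROTATE NOW: key matches a published sample key'
    } elseif ($static -and $weakAlgorithm) { 'Rotate and move to validation="HMACSHA256" decryption="AES"'
    } elseif ($static) { 'Static key: confirm it is unique to this deployment and not shared publicly'
    } else { 'None (keys are auto-generated)' }

    [pscustomobject]@{
        Path = $WebConfigPath; Static = $static; MatchesSample = $matchesSample
        WeakAlgorithm = $weakAlgorithm; Action = $action
    }
}

function New-MachineKeyElement {
    # Fresh keys from the OS CSPRNG: 64 bytes for HMACSHA256 validation, 32 bytes for AES-256.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $v = [byte[]]::new(64); $d = [byte[]]::new(32)
    $rng.GetBytes($v); $rng.GetBytes($d)
    $hex = { param([byte[]] $b) ($b | ForEach-Object { $_.ToString('X2') }) -join '' }
    '<machineKey validationKey="{0}" decryptionKey="{1}" validation="HMACSHA256" decryption="AES" />' -f (& $hex $v), (& $hex $d)
}

# Usage (the path is an assumption; adjust to the site's actual web.config):
Test-SitecoreMachineKey -WebConfigPath 'C:\inetpub\wwwroot\Sitecore\Website\web.config' | Format-List
New-MachineKeyElement
```

In a multi-server Sitecore farm the same `<machineKey>` must be deployed to every content-delivery and content-management instance, so rotation means generating one new element and pushing it to all of them at once; rotating also invalidates outstanding ViewState and forms-authentication tickets, which is the intended effect if the old key is suspected to be known to an attacker.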
Potential impact of CVE-2025-53690
- Unauthorized Code Execution: The vulnerability lets an attacker run arbitrary code on the server, which can amount to a complete takeover of the affected system. That foothold can then be used to pivot to further attacks or to harvest sensitive information.
- Data Breaches: Attackers who exploit the flaw can reach confidential information stored in the Sitecore platform, which may result in compliance violations and loss of customer trust.
- Operational Disruption: Exploitation can disrupt the availability of critical functions in the organization's digital ecosystem, with financial and reputational consequences.
CISA has reported CVE-2025-53690
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-53690 as being actively exploited, but it is not known to CISA to be used in ransomware campaigns. That status may change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
- Experience Manager (XM): all versions up to and including 9.0
- Experience Platform (XP): all versions up to and including 9.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. It is also a key component of weaponization, which can lead to ransomware.
News Articles
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
CVE-2025-53690, a critical Sitecore flaw (CVSS 9.0), exploited since Dec 2024, enables RCE and data theft.
Hackers exploited Sitecore zero-day flaw to deploy backdoors
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware.
References
EPSS Score
8% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡 Public PoC available
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability reserved
