Cross-site Scripting Vulnerability in Sitecore Experience Manager and Experience Platform
CVE-2025-53692
What is CVE-2025-53692?
Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) contain a Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. An attacker can inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access to sensitive information or the execution of malicious actions. The issue affects specific versions within the range of 9.2 to 10.4 for both products, and users should address it promptly to mitigate the associated risk.

Affected Version(s)
Experience Platform (XP) 9.2 <= 10.4
Sitecore Experience Manager (XM) 9.2 <= 10.4
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved
