Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
History

Wed, 03 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Sitecore
Sitecore experience Manager
Sitecore experience Platform
Vendors & Products Sitecore
Sitecore experience Manager
Sitecore experience Platform

Wed, 03 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 13:00:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Title Sitecore Experience Remote Code Execution through Insecure Deserialization
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wiz

Published:

Updated: 2025-09-03T13:49:39.605Z

Reserved: 2025-07-08T14:21:02.029Z

Link: CVE-2025-53691

cve-icon Vulnrichment

Updated: 2025-09-03T13:27:57.332Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-03T13:15:49.297

Modified: 2025-09-04T15:36:56.447

Link: CVE-2025-53691

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-03T20:26:42Z