Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 08 Sep 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Sitecore experience Commerce
Sitecore managed Cloud
CPEs cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:10.4:-:*:*:*:*:*:*
cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*
Vendors & Products Sitecore experience Commerce
Sitecore managed Cloud

Wed, 03 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Sitecore
Sitecore experience Manager
Sitecore experience Platform
Vendors & Products Sitecore
Sitecore experience Manager
Sitecore experience Platform

Wed, 03 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 13:00:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Title Sitecore Experience Remote Code Execution through Insecure Deserialization
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wiz

Published:

Updated: 2025-09-03T13:49:39.605Z

Reserved: 2025-07-08T14:21:02.029Z

Link: CVE-2025-53691

cve-icon Vulnrichment

Updated: 2025-09-03T13:27:57.332Z

cve-icon NVD

Status : Analyzed

Published: 2025-09-03T13:15:49.297

Modified: 2025-09-08T18:30:40.133

Link: CVE-2025-53691

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-03T20:26:42Z