CVE-2025-53690
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability - [Actively Exploited]
Description
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
INFO
Published Date :
Sept. 3, 2025, 8:15 p.m.
Last Modified :
Sept. 5, 2025, 1:48 p.m.
Remotely Exploit :
Yes !
Source :
9947ef80-c5d5-474a-bbab-97341a59000e
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53690
Affected Products
The following products are affected by CVE-2025-53690
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | 9947ef80-c5d5-474a-bbab-97341a59000e | ||||
| CVSS 3.1 | CRITICAL | MITRE-CVE |
Solution
- Update Sitecore Experience Manager (XM) or Platform (XP).
- Apply relevant security patches from Sitecore.
- Validate the integrity of all deserialized data.
Public PoC/Exploit Available at Github
CVE-2025-53690 has a 9 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-53690.
| URL | Resource |
|---|---|
| https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability | Exploit Third Party Advisory |
| https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865 | Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-53690 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-53690
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
This is CVE-2025-53690 Analysis Documents.
CVE-2025-53690
Detection for CVE-2025-53690
cisa kev sitecore zeroday cve-2025-53690
None
Dockerfile Python
监控Github最新网络安全相关的仓库...
cve cybersecurity github spider
Shell Python Nix
CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild and CryptoGen Nepal aims to simplify this for the general public in a more understandable way as well as in a format that can be easily integrated into their threat intelligence systems.
cve json rss cgn cisa kev
Python HTML
None
Python
Journey through the cryptic corridors of code. Unravel the secrets encoded in the shadows. Welcome to the realm where algorithms whisper in binary tongues. Dare to explore, for within lies the essence of innovation.
computer-architecture computer-engineering computer-science data-engineering research-and-development research-software-engineering software-engineering
Python Nix CSS
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-53690 vulnerability anywhere in the article.
-
TheCyberThrone
CISA Adds Sitecore, Linux Kernel, and TP-Link Flaws to KEV Catalog
September 7, 2025The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, flagging new security threats that are actively being explo ... Read more
-
Help Net Security
Week in review: Several companies affected by the Salesloft Drift breach, Sitecore 0-day vulnerability
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach In the wake of last ... Read more
-
Daily CyberSecurity
Unity 6.3 Makes Gaming More Accessible for Visually Impaired Players
Amid the gaming industry’s growing emphasis on accessibility by design, Unity has announced that the latest Unity 6000.3.0a5 alpha release now includes native support for built-in screen readers on bo ... Read more
-
Daily CyberSecurity
Apple Sued for Training AI on Pirated Books
With the rapid rise of generative AI technologies, the tech industry has increasingly found itself entangled in copyright disputes. Following a series of lawsuits against AI companies accused of using ... Read more
-
Daily CyberSecurity
Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk
The FreePBX project has issued an important security advisory addressing two vulnerabilities that pose significant risks to administrators and API-integrated systems. The flaws—CVE-2025-55209 (CVSS 7. ... Read more
-
Daily CyberSecurity
Beyond Cracked Apps: New macOS Malware Is Using the Terminal to Steal Data
The Trend Micro Research team has uncovered a new campaign distributing Atomic macOS Stealer (AMOS), a malware family designed to exfiltrate sensitive data from Apple devices. While macOS has historic ... Read more
-
The Hacker News
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active expl ... Read more
-
Daily CyberSecurity
Windows Update Is Causing Unexpected UAC Prompts and App Installation Issues
According to a notice published on the Windows Health Dashboard, Microsoft has confirmed that the routine security updates released in August are causing unexpected UAC (User Account Control) prompts ... Read more
-
Daily CyberSecurity
Argo CD Patches Critical CVSS 10 Vulnerability Exposing Repository Credentials (CVE-2025-55190)
The Argo CD project has disclosed and patched a critical vulnerability (CVE-2025-55190, CVSS 10) affecting its popular GitOps continuous delivery platform for Kubernetes. The flaw, found in the Projec ... Read more
-
Daily CyberSecurity
CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild ... Read more
-
Daily CyberSecurity
CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication
Ruijie Networks has released a security advisory addressing a critical vulnerability in its Reyee RG-ES series switches that could allow attackers to modify device login credentials without authorizat ... Read more
-
Daily CyberSecurity
CVE-2025-53187: Critical RCE in ABB ASPECT BMS with CVSS 9.8, No Prior Authentication
ABB has issued a cybersecurity advisory disclosing multiple vulnerabilities affecting its ASPECT Building Management System (BMS), including an authentication bypass rated CVSS 9.8. While patches exis ... Read more
-
The Register
Attackers snooping around Sitecore, dropping malware via public sample keys
Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping malware on infected machin ... Read more
-
BleepingComputer
Hackers exploited Sitecore zero-day flaw to deploy backdoors
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState deserializ ... Read more
-
TheCyberThrone
Critical Sitecore Zero-Day Flaw
September 4, 2025IntroductionOn September 3, 2025, a critical zero-day vulnerability (CVE-2025-53690) in the Sitecore Experience Platform sent shockwaves through the enterprise content management comm ... Read more
-
Help Net Security
macOS vulnerability allowed Keychain and iOS app decryption without a password
Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability (CVE-2025-24204) that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. Th ... Read more
-
Help Net Security
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)
A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandi ... Read more
-
security.nl
Mandiant meldt actief misbruik van kritiek beveiligingslek in Sitecore-producten
Aanvallers maken actief misbruik van een kritieke kwetsbaarheid in verschillende Sitecore-producten, zo waarschuwt securitybedrijf Mandiant. Sitecore roept kwetsbare klanten op om verschillende maatre ... Read more
-
CybersecurityNews
Google Warns of Zero-Day Vulnerability in Sitecore Products Allowing Remote Code Execution
A critical zero-day vulnerability in several Sitecore products could allow attackers to execute code remotely. The vulnerability, identified as CVE-2025-53690, stems from a ViewState deserialization f ... Read more
The following table lists the changes that have been made to the
CVE-2025-53690 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Sep. 05, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:* *cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:* versions up to (including) 9.0 *cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:* versions up to (including) 9.0 *cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:* versions up to (including) 9.0 Added Reference Type Wiz: https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability Types: Exploit, Third Party Advisory Added Reference Type Wiz: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865 Types: Vendor Advisory -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Sep. 05, 2025
Action Type Old Value New Value Added Date Added 2025-09-04 Added Due Date 2025-09-25 Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability -
New CVE Received by 9947ef80-c5d5-474a-bbab-97341a59000e
Sep. 03, 2025
Action Type Old Value New Value Added Description Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0. Added CVSS V3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Added CWE CWE-502 Added Reference https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability Added Reference https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865