CVE-2025-53690 · CISA KEV: Actively Exploited

Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability

Published Sep 4, 2025 · Updated Sep 4, 2025

Description

Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.

Public Exploits & PoCs: 4 found
