Description
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
CISA Known Exploited Vulnerability
Date added 2025-09-04 | Due date 2025-09-25
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Problem types
CWE-502 Deserialization of Untrusted Data
Product status
Experience Manager (XM): any version
Experience Platform (XP): any version
Credits
Mandiant Threat Defense
References
cloud.google.com/...e-deserialization-zero-day-vulnerability
support.sitecore.com/...ticle_view&sysparm_article=KB1003865