Description

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) allows Cache Poisoning. This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.

PUBLISHED Reserved 2025-07-08 | Published 2025-09-03 | Updated 2025-09-03 | Assigner Wiz




CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Product status

Default status
unaffected

9.0 (semver)
affected

10.0 (semver)
affected

Default status
unaffected

9.0 (semver)
affected

10.0 (semver)
affected

Credits

Piotr Bazydlo of watchTowr (finder)

References

labs.watchtowr.com/...ience-platform-cache-poisoning-to-rce/

support.sitecore.com/...ticle_view&sysparm_article=KB1003667

cve.org (CVE-2025-53693)

nvd.nist.gov (CVE-2025-53693)
