CVE-2025-53690CRITICAL · 9.0TrackedCISA KEV

Sitecore · Multiple Products

Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.

Disclosed

2025-09-03

279 days ago

Status

no honeypot capture yet

on CISA KEV — watching

7-day events

across 0 distinct IPs

7-day spread

0 ASN · 0 cty

0 active days

Top ASNs

No events captured yet.

Top countries

No events captured yet.

References

https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865
https://nvd.nist.gov/vuln/detail/CVE-2025-53690

↗ NVD ↗ CISA KEV ↗ Search analyses