CVE-2025-53691
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-09-08
Assigner: Wiz
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sitecore | experience_commerce | From 9.0 (inc) to 10.4 (inc) |
| sitecore | experience_manager | From 9.0 (inc) to 10.4 (inc) |
| sitecore | experience_platform | From 9.0 (inc) to 10.4 (exc) |
| sitecore | experience_platform | 10.4 |
| sitecore | managed_cloud | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Deserialization of Untrusted Data issue in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP). It allows an attacker to execute remote code on affected systems by exploiting the way these products deserialize data from untrusted sources. The affected versions include XM and XP from 9.0 through 9.3 and from 10.0 through 10.4.
How can this vulnerability impact me?
The vulnerability can lead to Remote Code Execution (RCE), which means an attacker could run arbitrary code on your system remotely. This can result in full compromise of the affected system, including unauthorized access, data theft, data modification, or disruption of services.