CVE-2025-53690: Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.
- CISA KEV-listed (remediation due 2025-09-25)
- EPSS 5.2% (90.1th percentile)
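
Because the flaw depends on machine keys that are fixed in configuration rather than generated per host, a defender can audit each `web.config` for a hard-coded `<machineKey>`. The following is an added example, not code from Sitecore or from this advisory; the function name, the sample configurations and the entry in `KNOWN_EXPOSED_KEYS` are constructed placeholders, and real key values to compare against must come from vendor guidance.

```python
import xml.etree.ElementTree as ET

# Constructed placeholder: fill with key values published in vendor guidance.
KNOWN_EXPOSED_KEYS = {"0123456789ABCDEF" * 4}

# Constructed sample: web.config with a hard-coded machineKey.
SAMPLE_STATIC = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
                decryptionKey="FEDCBA9876543210FEDCBA9876543210"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

# Constructed sample: key generation left to ASP.NET.
SAMPLE_AUTO = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>"""


def audit_machine_key(web_config_xml, known_exposed=KNOWN_EXPOSED_KEYS):
    """Return (attribute, finding) tuples for every machineKey element found."""
    known = {k.upper() for k in known_exposed}
    findings = []
    root = ET.fromstring(web_config_xml)
    # iter() also reaches machineKey elements nested under <location>.
    for elem in root.iter():
        # Compare the local name so files with an xmlns are handled too.
        if elem.tag.rsplit("}", 1)[-1] != "machineKey":
            continue
        for attr in ("validationKey", "decryptionKey"):
            value = elem.get(attr, "AutoGenerate").strip().upper()
            if value.startswith("AUTOGENERATE"):
                continue  # generated per machine, nothing stored in the file
            if value in known:
                findings.append((attr, "known-exposed"))
            else:
                findings.append((attr, "static"))
    return findings


if __name__ == "__main__":
    for name, sample in (("static", SAMPLE_STATIC), ("auto", SAMPLE_AUTO)):
        print(name, audit_machine_key(sample))
```

A `known-exposed` finding means the key matches a value on the supplied list; a `static` finding means the key is stored in the file and should be checked against how it was generated and where else it is deployed.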