CVE-2025-53690
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
CVSS
—
Sin CVSS
EPSS
30.8%
p98
KEV
SÍ
4 sept 2025
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
Sitecore / Multiple Products
Vulnerabilidad
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
Añadido a KEV
4 sept 2025
Remediar antes de
25 sept 2025
Uso conocido en ransomware
No
Descripción resumida
Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53690
Sin CVEs relacionados por CWE o producto.