CVE-2025-53690
03.09.2025, 20:15
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.Enginsight
| Vendor | Product | Version |
|---|---|---|
| sitecore | experience_commerce | 𝑥 ≤ 9.0 |
| sitecore | experience_manager | 𝑥 ≤ 9.0 |
| sitecore | experience_platform | 𝑥 ≤ 9.0 |
| sitecore | managed_cloud | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration