CVE-2025-53693 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Wiz	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Vendor	Product	Version
sitecore	experience_commerce	9.0 ≤ 𝑥 ≤ 10.4
sitecore	experience_manager	9.0 ≤ 𝑥 ≤ 10.4
sitecore	experience_platform	9.0 ≤ 𝑥 < 10.4
sitecore	experience_platform	10.4
sitecore	managed_cloud	-

𝑥

= Vulnerable software versions

Known Exploits!

https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/

Common Weakness Enumeration

CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

References

https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/

https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667