CVE-2025-53690
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
⚠ KEV | EPSS 5.2%
Description
Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.
How to fix CVE-2025-53690
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2025-53690 being exploited?
Yes — CVE-2025-53690 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.