Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Sep 25, 2025

CVE-2025-53690

High
EPSS 10.0%CISA KEV
Sitecore/Multiple Products

Description

Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.

EPSS — Exploit Probability

10.0%

Higher than 93.0% of all CVEs

Required Action

https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53690

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity
High
EPSS
10.0%
CISA KEV
Yes
Ransomware
Unknown
Articles
0

Timeline

Published

Sep 4, 2025

Added to KEV

Sep 4, 2025

Remediation Due

Sep 25, 2025

Affected Product

Sitecore

Multiple Products

View all Sitecore CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE