CVE-2025-53690

CRITICAL KEV

Sitecore XM/XP through 9.0 - ViewState Deserialization to Code Injection

Title source: llm

Exploitation Summary

CVE-2025-53690 is actively exploited and was added to the CISA Known Exploited Vulnerabilities (KEV) catalog on September 4, 2025. EIP tracks 3 public repositories for it (one working exploit, one scanner, one writeup) from ErikLearningSec, rxerium and m0d0ri205.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-53690, targeting a Sitecore ViewState deserialization vulnerability. The exploit sends a crafted POST request with a malicious __VIEWSTATE parameter to achieve remote code execution.

Description

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
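The server-side trace of the crafted POST described above is what a defender can actually look for. The script below is an added example, not code from this page or from any of the linked repositories: it triages IIS W3C logs for requests to /sitecore/blocked.aspx, the endpoint the writeup entry on this page names as the abused one. IIS never logs the request body, so the __VIEWSTATE value itself is invisible; the method, request size and status code are the signals that remain. The log lines are constructed for the example and the size threshold is an assumption.

```python
"""Triage IIS W3C logs for ViewState-delivery attempts against a Sitecore page.

Added example, not code from the page or the linked repositories. It assumes
W3C extended logging with a #Fields header and treats /sitecore/blocked.aspx
(the endpoint named in the writeup entry on this page) as a page that should
only ever be fetched with GET. IIS does not log the request body, so the
__VIEWSTATE value itself cannot be inspected here; method, request size and
status are the available signals. All log lines below are constructed.
"""
from dataclasses import dataclass, field

# Constructed sample excerpt (IIS replaces spaces inside fields with '+').
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) sc-status cs-bytes
2025-09-02 10:14:03 10.0.0.5 GET /sitecore/blocked.aspx - 443 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) 200 412
2025-09-02 10:14:09 10.0.0.5 POST /sitecore/blocked.aspx - 443 203.0.113.7 python-requests/2.32.0 200 48213
2025-09-02 10:15:44 10.0.0.5 POST /sitecore/blocked.aspx - 443 203.0.113.7 python-requests/2.32.0 500 48190
2025-09-02 10:16:02 10.0.0.5 GET /sitecore/shell/sitecore.version.xml - 443 203.0.113.7 curl/8.5.0 200 301
2025-09-02 10:20:11 10.0.0.5 POST /sitecore/login - 443 198.51.100.23 Mozilla/5.0+(Windows+NT+10.0) 302 1120
"""

# Pages that render a form but are not expected to receive form posts from users.
GET_ONLY_PAGES = {"/sitecore/blocked.aspx"}
# Assumption for the example: a serialized gadget chain is tens of kilobytes,
# while a legitimate request to these pages stays well under this size.
LARGE_REQUEST_BYTES = 8192


@dataclass
class Finding:
    time: str
    client: str
    method: str
    uri: str
    status: int
    cs_bytes: int
    reasons: list = field(default_factory=list)


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names from the #Fields header."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if raw.startswith("#") or not raw.strip():
            continue
        if fields is None:
            raise ValueError("data line appears before the #Fields header")
        values = raw.split(" ")
        if len(values) != len(fields):
            continue  # malformed line: skip rather than mis-align columns
        yield dict(zip(fields, values))


def triage(text):
    """Return a Finding for every request to a GET-only page that looks like a payload delivery."""
    findings = []
    for rec in parse_w3c(text):
        uri = rec["cs-uri-stem"].lower()
        if uri not in GET_ONLY_PAGES:
            continue
        reasons = []
        if rec["cs-method"].upper() == "POST":
            reasons.append("POST to a page that only needs GET")
        cs_bytes = int(rec["cs-bytes"])
        if cs_bytes >= LARGE_REQUEST_BYTES:
            reasons.append(f"request of {cs_bytes} bytes, large enough to carry a serialized gadget chain")
        if rec["sc-status"] == "500" and reasons:
            reasons.append("HTTP 500 after the post: deserialization payloads commonly fault the page after running")
        if reasons:
            findings.append(Finding(f"{rec['date']} {rec['time']}", rec["c-ip"], rec["cs-method"],
                                    uri, int(rec["sc-status"]), cs_bytes, reasons))
    return findings


def clients_by_attempts(findings):
    """Group findings by source address so repeated deliveries from one host stand out."""
    counts = {}
    for f in findings:
        counts[f.client] = counts.get(f.client, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.time} {f.client} {f.method} {f.uri} -> {f.status}: " + "; ".join(f.reasons))
    print(clients_by_attempts(hits))
```

Against the constructed log the GET that fetched the page is ignored and the two POSTs from 203.0.113.7 are reported, the second with the extra HTTP 500 note. Pair this with the application log on the host, since a forged __VIEWSTATE that fails the MAC check is logged there by ASP.NET rather than in the IIS request log.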

Exploits (3)

github WORKING POC 8 stars
by ErikLearningSec · c# · remote
https://github.com/ErikLearningSec/CVE-2025-53690-POC

This repository contains a functional exploit for CVE-2025-53690, targeting a Sitecore Viewstate deserialization vulnerability. The exploit sends a crafted POST request with a malicious __VIEWSTATE parameter to achieve remote code execution.

Classification
Working Poc 90%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: Sitecore
No auth needed
Prerequisites: Access to the Sitecore default endpoint
devstral-2 · analyzed Feb 19, 2026
nomisec SCANNER 5 stars
by rxerium · poc
https://github.com/rxerium/CVE-2025-53690

This repository contains a Nuclei template for detecting CVE-2025-53690, a deserialization vulnerability in Sitecore CMS versions 9.0 and below. The template checks the version by fetching sitecore.version.xml and comparing it against known vulnerable versions. The version alone shows that the install shipped with the vulnerable defaults; whether the instance still uses an exposed machine key is not verified by this check.

Classification
Scanner 95%
Attack Type
Deserialization
Complexity
Trivial
Reliability
Reliable
Target: Sitecore Experience Manager (XM) and Experience Platform (XP) through 9.0
No auth needed
Prerequisites: Access to the target Sitecore instance
devstral-2 · analyzed Feb 19, 2026
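The same version triage the scanner entry describes, written out so the comparison and its limits are explicit. This is an added example, not the Nuclei template's code. It assumes sitecore.version.xml has the <information><version><major/><minor/><build/><revision/></version></information> layout Sitecore serves at /sitecore/shell/sitecore.version.xml; the XML documents below are constructed. The cut-off follows the description on this page (XM and XP through 9.0), and the verdict is deliberately "review" rather than "vulnerable", because a site that rotated its machine key keeps the same version string.

```python
"""Read sitecore.version.xml and decide whether the instance is in the range this page lists.

Added example, not the Nuclei template's code. It assumes the file has the
<information><version><major/><minor/><build/><revision/> layout Sitecore
ships at /sitecore/shell/sitecore.version.xml; the XML below is constructed.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a Sitecore 9.0 initial-release version file.
SAMPLE_9_0 = """<?xml version="1.0" encoding="utf-8"?>
<information>
  <version><major>9</major><minor>0</minor><build>0</build><revision>171002</revision></version>
  <title>Sitecore.NET</title>
</information>
"""
# Constructed sample for a release outside the listed range.
SAMPLE_9_1 = SAMPLE_9_0.replace("<minor>0</minor>", "<minor>1</minor>")

# Per the description on this page: XM and XP "through 9.0" are affected.
LAST_AFFECTED = (9, 0)


def parse_version(xml_text):
    """Return (major, minor, build, revision) from the <version> element; missing parts read as 0."""
    root = ET.fromstring(xml_text)
    ver = root.find("version")
    if ver is None:
        raise ValueError("no <version> element; not a Sitecore version file")
    parts = []
    for name in ("major", "minor", "build", "revision"):
        text = ver.findtext(name)
        parts.append(int(text) if text and text.isdigit() else 0)
    return tuple(parts)


def assess(xml_text):
    """Classify an instance from its version file alone.

    Being inside the affected range only says the install shipped with the
    vulnerable defaults. The exploit still needs the exposed machine key, and a
    site that rotated its key reports the same version, so the strongest verdict
    this check can give is 'review'.
    """
    major, minor, build, revision = parse_version(xml_text)
    in_range = (major, minor) <= LAST_AFFECTED
    return {
        "version": f"{major}.{minor}.{build} rev. {revision}",
        "in_affected_range": in_range,
        "verdict": "review: confirm the machineKey was rotated" if in_range else "outside listed range",
    }


if __name__ == "__main__":
    for sample in (SAMPLE_9_0, SAMPLE_9_1):
        print(assess(sample))
```

Run against a live instance, fetch /sitecore/shell/sitecore.version.xml and pass the body to assess(); treat a non-200 response or a parse error as "unknown", not as "safe", since administrators sometimes block the file without patching anything.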
nomisec WRITEUP 3 stars
by m0d0ri205 · poc
https://github.com/m0d0ri205/CVE-2025-53690-Analysis

This repository provides a detailed technical analysis of CVE-2025-53690, a critical ViewState deserialization vulnerability in Sitecore products. It includes root cause analysis, attack vectors, real-world exploitation examples, and mitigation strategies.

Classification
Writeup 100%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: Sitecore Experience Manager (XM) - 9.0 and below, Sitecore Experience Platform (XP) - 9.0 and below, Sitecore Experience Commerce (XC), Sitecore Managed Cloud, Active Directory module 1.4 and below
No auth needed
Prerequisites: Exposed ASP.NET machine key · Access to vulnerable endpoint (/sitecore/blocked.aspx)
devstral-2 · analyzed Feb 19, 2026
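The prerequisite in the writeup entry above, an exposed ASP.NET machine key, is a configuration condition that can be audited directly. The script below is an added example, not code from this page or the linked repositories: it parses a web.config, reports the machineKey settings that make a forged __VIEWSTATE possible, and generates a fresh <machineKey> element for the rotation that fixes a leaked key. The weak and hardened configs are constructed; the static key values are placeholders of the right length, and the documented sample key itself is deliberately not reproduced, so the caller supplies any known-public keys to compare against.

```python
"""Audit an ASP.NET web.config for the machineKey conditions this CVE depends on.

Added example, not code from the page or the linked repositories. The two
configs below are constructed; the static key values are placeholders of the
right length, not the documented sample key, which is deliberately not
reproduced. Sitecore's fix is to replace the exposed key, so the generator at
the end emits a fresh <machineKey> element for that purpose.
"""
import secrets
import xml.etree.ElementTree as ET

# Placeholders standing in for a key copied out of a deployment guide.
PLACEHOLDER_VALIDATION_KEY = "AB" * 64   # 128 hex chars, what IIS generates for HMACSHA256
PLACEHOLDER_DECRYPTION_KEY = "CD" * 32   # 64 hex chars, AES-256

# Constructed: static keys plus the legacy SHA1 validation algorithm.
WEAK_WEB_CONFIG = f"""<configuration>
  <system.web>
    <machineKey validationKey="{PLACEHOLDER_VALIDATION_KEY}"
                decryptionKey="{PLACEHOLDER_DECRYPTION_KEY}"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>
"""

# Constructed single-server hardening: let ASP.NET generate per-application keys.
HARDENED_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""

WEAK_VALIDATION_ALGORITHMS = {"MD5", "SHA1", "3DES", "AES"}


def audit_machine_key(web_config_xml, known_sample_keys=frozenset()):
    """Return (severity, message) findings; an empty list means nothing to act on.

    known_sample_keys: key strings known to be public (for example the value
    printed in a vendor deployment guide). Supplied by the caller; none are
    embedded in this example.
    """
    root = ET.fromstring(web_config_xml)
    findings = []
    pages = next(root.iter("pages"), None)
    if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
        findings.append(("critical", "enableViewStateMac=false: __VIEWSTATE is deserialized without any integrity check"))
    mk = next(root.iter("machineKey"), None)
    if mk is None:
        return findings  # no element: keys are auto-generated per machine, the safe default
    public = {k.upper() for k in known_sample_keys}
    for attr in ("validationKey", "decryptionKey"):
        value = mk.get(attr, "AutoGenerate,IsolateApps")
        if value.startswith("AutoGenerate"):
            continue
        if value.upper() in public:
            findings.append(("critical", f"{attr} is a publicly known sample key: anyone can forge a valid __VIEWSTATE"))
        else:
            findings.append(("review", f"{attr} is static: confirm it was generated for this deployment and never published"))
    algorithm = mk.get("validation", "HMACSHA256").upper()
    if algorithm in WEAK_VALIDATION_ALGORITHMS:
        findings.append(("medium", f"validation={algorithm}: use HMACSHA256 or stronger"))
    return findings


def needs_action(findings):
    """True when anything above 'review' severity was reported."""
    return any(sev in {"critical", "medium"} for sev, _ in findings)


def generate_machine_key_element():
    """Emit a <machineKey> with fresh random keys: the rotation step for a leaked or sample key.

    Every server in a web farm must share the same element, so generate once
    and deploy to all of them; never paste the output into a ticket or wiki.
    """
    return ET.tostring(ET.Element("machineKey", {
        "validationKey": secrets.token_hex(64).upper(),
        "decryptionKey": secrets.token_hex(32).upper(),
        "validation": "HMACSHA256",
        "decryption": "AES",
    }), encoding="unicode")


if __name__ == "__main__":
    print("weak:", audit_machine_key(WEAK_WEB_CONFIG, known_sample_keys={PLACEHOLDER_VALIDATION_KEY}))
    print("hardened:", audit_machine_key(HARDENED_WEB_CONFIG))
    print(generate_machine_key_element())
```

A static key is not wrong by itself (web farms need one), which is why it is reported as "review" unless it matches a key the caller knows to be public; rotating the key also invalidates every existing __VIEWSTATE and forms-authentication ticket, so schedule it like any session reset.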

Scores

CVSS v3.1 9.0
EPSS 0.0515 (5.15%)
EPSS Percentile 90.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2025-09-04
VulnCheck KEV 2025-09-03
ENISA EUVD EUVD-2025-26629
CWE
CWE-502
Status published
Products (4)
sitecore/experience_commerce < 9.0
sitecore/experience_manager < 9.0
sitecore/experience_platform < 9.0
sitecore/managed_cloud
Published Sep 03, 2025
KEV Added Sep 04, 2025
Tracked Since Feb 18, 2026