CVE-2025-53694

HIGH

Sitecore Experience Manager and Experience Platform 9.2-10.4 - Exposure of Sensitive Information

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2025-53694. PoCs published by blueisbeautiful, fuckyourheroes, brokendreamsclub.

AI-analyzed exploit summary This repository contains a functional exploit chain for Sitecore XP, combining information disclosure, cache poisoning, and deserialization-based RCE. The `chain.py` script orchestrates the attack, while detailed technical analysis is provided in `REPORT.md`.

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.

Exploits (6)

nomisec WORKING POC
by blueisbeautiful · poc
https://github.com/blueisbeautiful/CVE-2025-53694-to-CVE-2025-53691

This repository contains a functional exploit chain for Sitecore XP, combining information disclosure, cache poisoning, and deserialization-based RCE. The `chain.py` script orchestrates the attack, while detailed technical analysis is provided in `REPORT.md`.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Sitecore Experience Platform (XP) up to 10.4.1
No auth needed
Prerequisites: Network access to target Sitecore instance · Python environment with `requests` library
devstral-2 · analyzed May 12, 2026 Full analysis →
nomisec WORKING POC
by fuckyourheroes · poc
https://github.com/fuckyourheroes/CVE-2025-53694-to-CVE-2025-53691

This repository contains a functional exploit chain for Sitecore XP (up to 10.4.1), combining CVE-2025-53694 (info disclosure), CVE-2025-53693 (cache poisoning), and CVE-2025-53691 (RCE via deserialization). The `chain.py` script orchestrates the full attack, while the `REPORT.md` provides technical analysis of each vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sitecore Experience Platform (XP) up to 10.4.1
No auth needed
Prerequisites: Network access to Sitecore instance · Python environment
devstral-2 · analyzed May 03, 2026 Full analysis →
nomisec WORKING POC
by brokendreamsclub · poc
https://github.com/brokendreamsclub/CVE-2025-53694-to-CVE-2025-53691

This repository contains a functional exploit chain for Sitecore XP (up to 10.4.1), combining information disclosure (CVE-2025-53694), cache poisoning (CVE-2025-53693), and deserialization-based RCE (CVE-2025-53691). The `chain.py` script orchestrates the full attack, while the README and REPORT.md provide detailed technical analysis.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Sitecore Experience Platform (XP) up to 10.4.1
No auth needed
Prerequisites: Network access to Sitecore instance · Unauthenticated access to vulnerable endpoints
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by blueisbeautiful · poc
https://github.com/blueisbeautiful/CVE-2025-53694

The repository contains a functional Python exploit for CVE-2025-53694, an information disclosure vulnerability in Sitecore's ItemService API. The exploit demonstrates unauthenticated enumeration of Sitecore database items via the `/sitecore/shell/api/sitecore/ItemService/GetChildren` endpoint, including brute-forcing GUIDs and extracting sensitive data.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Sitecore Experience Platform (XP)
No auth needed
Prerequisites: Network access to the Sitecore instance · ItemService API endpoint exposed
devstral-2 · analyzed May 12, 2026 Full analysis →
nomisec WORKING POC
by fuckyourheroes · poc
https://github.com/fuckyourheroes/CVE-2025-53694

The repository contains a functional Python exploit for CVE-2025-53694, an information disclosure vulnerability in Sitecore's ItemService API. The exploit demonstrates unauthenticated enumeration of Sitecore database items by brute-forcing GUIDs and databases, extracting sensitive configuration and user data.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Sitecore Experience Platform (Sitecore XP)
No auth needed
Prerequisites: Network access to the Sitecore instance · ItemService API endpoint exposed
devstral-2 · analyzed May 03, 2026 Full analysis →
nomisec WORKING POC
by brokendreamsclub · poc
https://github.com/brokendreamsclub/CVE-2025-53694

The repository contains a functional Python exploit for CVE-2025-53694, an information disclosure vulnerability in Sitecore's ItemService API. The exploit demonstrates unauthenticated enumeration of Sitecore database items, including sensitive data extraction, by leveraging the `/sitecore/shell/api/sitecore/ItemService/GetChildren` endpoint.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Sitecore Experience Platform (XP)
No auth needed
Prerequisites: Network access to the Sitecore instance · Exposed ItemService API endpoint
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0534
EPSS Percentile 91.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (5)
sitecore/experience_commerce 9.2 - 10.4
sitecore/experience_manager 9.2 - 10.4
sitecore/experience_platform 10.4
sitecore/experience_platform 9.2 - 10.4
sitecore/managed_cloud
Published Sep 03, 2025
Tracked Since Feb 18, 2026