🔴 CVE-2025-53690

Critical ViewState deserialization vulnerability in Sitecore Experience Manager/Platform allowing remote code execution. Actively exploited in the wild since December 2024, affecting internet-facing Sitecore deployments using default sample machine keys.

Risk Level: HIGH_RISK
CVSS Score: 9.0
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: VERY_HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-09-03

Added to CISA KEV: 2025-09-04 (1 day between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-06)

Here's what is known about the CVE-2025-53690 vulnerability:

  • Impact on Internet-Facing Applications/Services:
    * CVE-2025-53690 affects internet-facing, on-prem deployments of Sitecore solutions [1][2].
    * The vulnerability allows a threat actor to breach these internet-facing systems [2].
  • Evidence of Active Exploitation in the Wild:
    * CVE-2025-53690 has been actively exploited in the wild since December 2024 [3].
    * It was exploited as a zero-day, i.e. before a patch was available [2].
  • Attack Vectors and Exploitation Methods:
    * The vulnerability is a ViewState deserialization flaw [1]: untrusted data is deserialized in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) [4].
    * Successful exploitation leads to code injection and remote code execution (RCE) [1][4].
    * The affected deployments were using default sample machine keys; because the ViewState MAC is computed with the machineKey, anyone who knows that key can produce a ViewState the server accepts and deserializes.
  • Use in Targeted Attacks:
    * The sources do not explicitly describe the activity as "targeted attacks", but the vulnerability has been used to breach specific Sitecore deployments, which suggests targeting [2].
  • CISA Known Exploited Vulnerabilities (KEV) Status:
    * CISA has ordered immediate patching of this critical Sitecore vulnerability [3]; the KEV addition date is listed above.
  • Technical Details about Internet Exploitability:
    * CVE-2025-53690 carries a CVSS score of 9.0 out of 10.0, i.e. critical severity [3][5].
    * The vulnerability allows remote code execution and data theft [3].
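The point behind "default sample machine keys" above is that ViewState integrity rests entirely on the secrecy of the ASP.NET validationKey: a MAC computed with a key printed in public documentation is a signature the attacker can produce too. The following is an added example, not code from this page, from Sitecore or from any of the cited sources. It models ViewState MAC verification in a simplified form (real ASP.NET additionally mixes a page-specific modifier into the MAC), shows a forged token being accepted under a shared key and rejected after rotation, and audits a web.config for static or known-sample validation keys. The key values, the fingerprint list and the web.config fragment are constructed placeholders; the placeholder key is not Sitecore's real documented sample key.

```python
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

# Constructed placeholder standing in for a vendor-documented sample key.
# It is NOT Sitecore's real sample key; operators should load the fingerprints
# of any keys published in their own vendor's documentation here.
PLACEHOLDER_SAMPLE_VALIDATION_KEY = "0123456789ABCDEF" * 8   # 64 bytes, HMACSHA256-sized
PLACEHOLDER_SAMPLE_DECRYPTION_KEY = "FEDCBA9876543210" * 4   # 32 bytes, AES-256-sized

# Fingerprints (SHA-256 of the raw key bytes) of keys known to be public.
KNOWN_SAMPLE_KEY_FINGERPRINTS = {
    hashlib.sha256(bytes.fromhex(PLACEHOLDER_SAMPLE_VALIDATION_KEY)).hexdigest(),
}

# Constructed web.config fragment with the placeholder sample key pasted in,
# i.e. the mistake that leaves a deployment exposed.
WEAK_WEB_CONFIG = f"""<configuration>
  <system.web>
    <machineKey validationKey="{PLACEHOLDER_SAMPLE_VALIDATION_KEY}"
                decryptionKey="{PLACEHOLDER_SAMPLE_DECRYPTION_KEY}"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""


def mac_viewstate(payload: bytes, validation_key_hex: str) -> str:
    """Simplified model of ASP.NET ViewState MAC: base64(payload || HMAC-SHA256(key, payload)).
    Real ASP.NET also mixes a page-specific modifier into the MAC; omitted here."""
    key = bytes.fromhex(validation_key_hex)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + tag).decode()


def verify_viewstate(token_b64: str, validation_key_hex: str):
    """Return the payload if the MAC checks out under this key, else None.
    Deserialization only happens after this check passes, so whoever holds
    the validation key decides what gets deserialized."""
    try:
        blob = base64.b64decode(token_b64, validate=True)
    except ValueError:           # binascii.Error is a ValueError subclass
        return None
    if len(blob) <= 32:
        return None
    payload, tag = blob[:-32], blob[-32:]
    expected = hmac.new(bytes.fromhex(validation_key_hex), payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return payload


def audit_machine_keys(web_config_xml: str) -> list:
    """Flag <machineKey> elements whose validationKey is static (not AutoGenerate)
    and, worse, matches a key known to be published."""
    findings = []
    for mk in ET.fromstring(web_config_xml).iter("machineKey"):
        vkey = mk.get("validationKey", "AutoGenerate")
        static = not vkey.upper().startswith("AUTOGENERATE")
        fingerprint = None
        if static:
            try:
                fingerprint = hashlib.sha256(bytes.fromhex(vkey)).hexdigest()
            except ValueError:   # not hex: still static, just not fingerprintable
                pass
        findings.append({
            "validation": mk.get("validation", "HMACSHA256"),
            "static": static,
            "known_sample": fingerprint in KNOWN_SAMPLE_KEY_FINGERPRINTS,
        })
    return findings


def forgery_demo():
    """Server and attacker both hold the documented sample key: the forged token
    passes MAC verification. After rotating to a random key it is rejected."""
    server_key = PLACEHOLDER_SAMPLE_VALIDATION_KEY       # copied from the docs
    attacker_key = PLACEHOLDER_SAMPLE_VALIDATION_KEY     # attacker read the same docs
    forged = mac_viewstate(b"<attacker-chosen serialized object graph>", attacker_key)
    accepted_before_rotation = verify_viewstate(forged, server_key) is not None
    rotated_key = secrets.token_hex(64)                  # 64 random bytes -> 128 hex chars
    rejected_after_rotation = verify_viewstate(forged, rotated_key) is None
    return accepted_before_rotation, rejected_after_rotation


if __name__ == "__main__":
    print("forged ViewState accepted / rejected after rotation:", forgery_demo())
    for finding in audit_machine_keys(WEAK_WEB_CONFIG):
        print("machineKey finding:", finding)
```

Running the script prints `(True, True)` for the forgery demo and one finding with `static` and `known_sample` both true for the constructed web.config. The audit deliberately reports fingerprints rather than key material, so the check can run from a central inventory without copying keys around; in practice the remediation is the same either way: generate a fresh key per environment and rotate it on every host that shares the application's ViewState.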

Sources

  1. ViewState Deserialization Zero-Day Vulnerability in Sitecore ...
     An active ViewState deserialization attack affecting Sitecore products, where attackers achieved remote code execution.

  2. Sitecore zero-day vulnerability exploited by
     A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) to breach internet-facing, on-prem deployments of Sitecore solutions.

  3. CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under ...
     CVE-2025-53690, a critical Sitecore flaw (CVSS 9.0), exploited since Dec 2024, enables RCE and data theft.

  4. CVE-2025-53690 Detail - NVD
     National Vulnerability Database entry for CVE-2025-53690.

  5. Vulnerability — Latest News, Reports & Analysis | The Hacker News
     The vulnerability, tracked as CVE-2025-53690, carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity.