THREAT OPS › CVEs › CVE-2025-53690
CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.
Vulnerability details
- Affected productsMultiple Products
- KEV remediation due2025-09-25