Unrated severityCISA KEVNVD Advisory· Published Sep 3, 2025· Updated Feb 26, 2026
Sitecore Products ViewState Deserialization Vulnerability
CVE-2025-53690
Description
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <=9.0
<=9.0+ 1 more
- (no CPE)range: <=9.0
- (no CPE)range: 0
- Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.