Unrated severityNVD Advisory· Published Sep 3, 2025· Updated Sep 3, 2025

Information Disclosure in ItemServices API

CVE-2025-53694

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.

Affected products

Sitecore/Sitecore Experience Manager (XM)llm-create
Range: 9.2 through 10.4
Sitecore/Experience Platform (XP)llm-fuzzy
Range: 9.2 through 10.4
Sitecore/Experience Platform (XP)v5
Range: 9.2
Sitecore/Sitecore Experience Manager (XM)v5
Range: 9.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/mitre
support.sitecore.com/kbmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000