A critical vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP), tracked as CVE-2025-53690, is being actively exploited in the wild. This zero-day flaw, which was disclosed on September 3, 2025, has a CVSS score of 9, indicating its severe potential impact. The vulnerability arises from the deserialization of untrusted data, which allows attackers to inject malicious code into affected systems.
The vulnerability affects Sitecore XM and XP versions up to 9.0. It was added to the Known Exploited Vulnerabilities (KEV) catalog on September 4, 2025, underscoring the urgency for organizations to address this issue. The Exploit Prediction Scoring System (EPSS) rates the likelihood of exploitation at 0.085, and the Security Severity Vulnerability Classification (SSVC) advises immediate attention.
Proof-of-concept (PoC) exploits for CVE-2025-53690 are already available, with two distinct PoCs circulating. The time-to-exploit (TTE) was remarkably short, with attackers leveraging the vulnerability within just 0.2 days of its disclosure. This rapid exploitation highlights the critical need for organizations using Sitecore products to prioritize patching and mitigation efforts.
Sitecore has not yet released a patch, but organizations are urged to implement available workarounds and monitor their systems for any signs of compromise. Security teams should focus on identifying and securing vulnerable instances of Sitecore XM and XP, ensuring that deserialization processes are adequately protected against untrusted data inputs.
CSURFACE