CISA has issued an urgent alert regarding CVE-2025-53690, a critical vulnerability impacting Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) — widely used, cloud-based enterprise CMS platforms.
The newly discovered vulnerability is classified as Deserialization of Untrusted Data and was reported in both Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP).
This high-severity vulnerability could allow attackers to carry out code injection attacks and possibly gain elevated control over affected servers running unpatched Sitecore instances.
This issue affects Experience Manager (XM) through 9.0 and Experience Platform (XP) through 9.0. At the time of writing, no public exploit had been released for CVE-2025-53690.
A security researcher has released a nuclei template to bulk-scan for and detect unpatched Sitecore instances.

Shodan Query:
http.title:"sitecore"
The vulnerability was discovered by Google’s Mandiant while investigating ongoing attacks against Sitecore environments. Attackers were able to exploit an exposed ASP.NET machine key to achieve remote code execution (RCE).
CVE-2025-53690 affects customers who deployed any version of multiple Sitecore products using the sample key exposed in publicly available deployment guides (specifically Sitecore XP 9.0 and Active Directory 1.4 and earlier versions).
Sitecore has confirmed that its updated deployments automatically generate a unique machine key and that affected customers have been notified.
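As an added example (not from the article, CISA, Mandiant or Sitecore), the following script audits ASP.NET web.config files for the weakness described above: a static machineKey, and the same static key appearing in more than one deployment, which is what a key copied from a public guide looks like. The function names, the sample configs and the key values in them are constructed for this example.

```python
# Added example (not from the article, CISA, Mandiant or Sitecore): audit ASP.NET
# web.config files for static <machineKey> values reused across deployments.
import hashlib
import xml.etree.ElementTree as ET

AUTO = "AutoGenerate,IsolateApps"  # ASP.NET's default when the attribute is absent

def fingerprint(key_material):
    """Short SHA-256 digest so keys can be compared in reports without logging them."""
    return hashlib.sha256(key_material.encode()).hexdigest()[:16]

def audit_machine_key(web_config_xml):
    """Return [(attribute, "auto" | "static", fingerprint_or_None), ...] for every
    <machineKey>, whether under <system.web> or inside a <location> block."""
    root = ET.fromstring(web_config_xml)
    # No <machineKey> element at all means the AutoGenerate default applies.
    elements = list(root.iter("machineKey")) or [ET.Element("machineKey")]
    findings = []
    for mk in elements:
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, AUTO)
            if value.upper().startswith("AUTOGENERATE"):
                findings.append((attr, "auto", None))  # generated per machine, never published
            else:
                findings.append((attr, "static", fingerprint(value)))  # must be unique and secret
    return findings

def find_shared_keys(configs):
    """configs: {deployment_name: web_config_xml}. Return {fingerprint: [deployments]}
    for static keys present in more than one deployment: the exposed-sample-key pattern."""
    seen = {}
    for name, xml in configs.items():
        for _attr, kind, fp in audit_machine_key(xml):
            if kind == "static":
                seen.setdefault(fp, set()).add(name)
    return {fp: sorted(names) for fp, names in seen.items() if len(names) > 1}

# Constructed sample configs; the key values are made up for this example, not real keys.
STATIC_CFG = """<configuration><system.web>
  <machineKey validationKey="0A1B2C3D4E5F60718293A4B5C6D7E8F90A1B2C3D4E5F60718293A4B5C6D7E8F9"
              decryptionKey="F9E8D7C6B5A49382716050F4E3D2C1B0" validation="HMACSHA256" decryption="AES"/>
</system.web></configuration>"""
AUTO_CFG = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps"/>
</system.web></configuration>"""

if __name__ == "__main__":
    print(audit_machine_key(STATIC_CFG))
    print(find_shared_keys({"prod-a": STATIC_CFG, "prod-b": STATIC_CFG, "staging": AUTO_CFG}))
```

A static key is not wrong by itself (web farms need one), but any static key that also appears in another deployment, or in a published document, has to be rotated.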