CVE-2025-53690
Published Sep 3, 2025
Last updated 3 days ago
AI description
CVE-2025-53690 is a ViewState deserialization vulnerability affecting Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud. It stems from the reuse of a sample ASP.NET machine key that appeared in official Sitecore deployment guides prior to 2017 and was, in some instances, mistakenly carried into production environments. Attackers who possess this key can forge __VIEWSTATE payloads that pass ASP.NET's ViewState validation, so the server deserializes attacker-controlled data and executes code. This turns a configuration mistake into a Remote Code Execution (RCE) vector. The initial compromise can grant attackers access under the NETWORK SERVICE account, and the WEEPSTEEL malware may then be deployed to gather system, network, and user information.
- Description
- Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
- Source
- 9947ef80-c5d5-474a-bbab-97341a59000e
- NVD status
- Analyzed
- Products
- experience_commerce, experience_manager, experience_platform, managed_cloud
CVSS 3.1
- Type
- Secondary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Sep 4, 2025
- Exploit action due
- Sep 25, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weaknesses
- CWE-502 (source: 9947ef80-c5d5-474a-bbab-97341a59000e)
- Hype score
- Not currently trending
CVE-2025-53690 in Sitecore (XM, XP, XC, Managed Cloud) is under active exploitation. A ViewState deserialization bug enables unauthenticated RCE via exposed default https://t.co/oIGc0FHqST machine keys. CISA mandates patch by Sept 25. #CyberSecurity #CVE202553690 #Sitecore http
@CloneSystemsInc
8 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-53690 🚨 Attackers are exploiting old Sitecore setups using a legacy key to launch WEEPSTEEL malware. It’s not a bug; it’s a configuration mistake now weaponised. Are your systems safe? Details 👇 https://t.co/nwcl6QHoAo #SOCRadar #cybersecuritytips #zerod
@socradar
8 Sept 2025
60 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Mandiant uncovered Sitecore CVE-2025-53690 exploitation via ViewState deserialization using exposed https://t.co/PGRGNLeuSX machine key, enabling remote code execution and deployment of WEEPSTEEL, EARTHWORM, DWAGENT for AD reconnaissance and data theft. … https://t.co/az2Sf6Rcj
@TweetThreatNews
8 Sept 2025
133 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation. The vulnerability, tracked as CVE-2025-53690, carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity. https://t.co/s1Py8xoLQf https://t.co/xY0BLLzqkp
@riskigy
7 Sept 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CYBER ALERT - 07/09/2025 CISA mandates federal agencies patch Sitecore zero-day (CVE-2025-53690) by Sept 25 after recent attacks reported. 💡 Update systems ASAP Source: https://t.co/IzgcHRi5mu
@kernyx64
7 Sept 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Sitecore Vulnerability Exploited @Mandiant reports CVE-2025-53690 (CVSS 9.0) is under active attack. @CISAgov added it to KEV, patch by Sept 25. Rotate keys + update Sitecore. Details: https://t.co/N07kqh7c9C #CyberSecurity #Sitecore
@AnomalousBytes
7 Sept 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL THREATS - Sept 6 🔴 CVE-2025-53690 (Sitecore) CVSS 9.0 - PATCH NOW! 💻 NEZHA Ransomware active 📱 Brokewell malware via fake ads 🌍 APT37 targets South Korea 🛡️ Block: https://t.co/uQJ99CRzIr Report: https://t.co/TUvXhUynDZ #CyberSecurity #ThreatInt
@404LabsX
6 Sept 2025
97 Impressions
3 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨⚠️ Heads up, security community! CVE-2025-53690 poses a serious threat with a high likelihood of exploitation soon. This deserialization flaw affects Sitecore XM & XP (up to 9.0), allowing code injection! 🛡️ Ensure your systems are patched and secure! #CyberSecur
@SecAideInfo
6 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️ CISA warning: a critical Sitecore vulnerability (CVE-2025-53690) has been identified under active exploitation. 🔑 Risk: remote code execution #Cybersecurity #Cybersecurity_News #اخبار_امنیت_سایبری #ASP #CISA #CVE_20
@vulnerbyte
6 Sept 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
05/09/2025 CISA warns of active exploitation of CVE-2025-53690 in Sitecore with a CVSS score of 9.0! 🚨 FCEB agencies must patch by Sept 25, 2025 to prevent severe impact. Source: https://t.co/YzHPFsP1Ok
@kernyx64
6 Sept 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical zero-days exploited in SAP S/4HANA (CVE-2025-42957) and Sitecore (CVE-2025-53690) prompt urgent patching. Report includes APT activity, law enforcement actions, and global malware trends. #APTActivity #SouthKorea #DataBreach https://t.co/bR4fdNDV9o
@TweetThreatNews
6 Sept 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 ALERT: CISA orders immediate patch for a critical Sitecore vulnerability (CVE-2025-53690, CVSS 9.0) — under active exploitation since December 2024! Attackers can exploit exposed machine keys for RCE, data theft, and full system takeover. Rotate keys, lock configs, and pat
@Newtalics
5 Sept 2025
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA orders immediate patch for critical Sitecore flaw CVE-2025-53690 enabling remote code execution via default machine keys. Active exploitation reported in FCEB networks. #SitecorePatch #ViewStateAttack #USA https://t.co/ChsMqioZKm
@TweetThreatNews
5 Sept 2025
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TL;DR: CVE-2025-53690 is a severe threat. Acknowledge, verify, and patch your Sitecore deployments today. What steps are you taking to safeguard your systems? 🔍 #CyberAwareness
@Cyb3r_5wift
5 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical zero-day vulnerability (CVE-2025-53690) in Sitecore is now being actively exploited! Are you safe? Businesses relying on Sitecore need to act fast! #Cybersecurity #Sitecore https://t.co/PUzBeTNATE
@Cyb3r_5wift
5 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA demands immediate patch for critical Sitecore vulnerability (CVE-2025-53690) under active exploitation! FCEB agencies must update by Sep 25, 2025. Act now! 🚨 https://t.co/MsNtuogFZw #CISA #Sitecore #PatchNow
@0xT3chn0m4nc3r
5 Sept 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA mandates federal agencies patch Sitecore zero-day vulnerability CVE-2025-53690 by Sept 25 after exploits used sample machine keys to gain access and escalate privileges. Sitecore now automates unique key generation. #SitecoreBug #ZeroDay #USA https://t.co/AcxI3S42j1
@TweetThreatNews
5 Sept 2025
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zero-day vulnerability CVE-2025-53690 exploited in Sitecore products; use of a sample key leads to serious compromise https://t.co/k6bVaVjfmP #izumino_trend
@sec_trend
5 Sept 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-43300 CVE-2025-48539 CVE-2025-25257 (@0x_shaq) CVE-2025-7775 CVE-2025-57833 (@EyalSec) CVE-2025-53690 CVE-2025-9074 CVE-2025-48543 CVE-2025-24893 https://t.co/KW7HdtM3
@ptdbugs
5 Sept 2025
123 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2025-53690:ViewState Deserialization Zero-Day Vulnerability in Sitecore Products 🧐Deep Dive:https://t.co/OLrsz86Y1A 📊1.6M Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/vNDsdo8Thw 👇Query HUNTER : https://t.co/pZ2bQ
@HunterMapping
5 Sept 2025
2452 Impressions
9 Retweets
31 Likes
11 Bookmarks
0 Replies
1 Quote
Hackers exploited a zero-day flaw in legacy Sitecore systems (CVE-2025-53690) via the /sitecore/blocked.aspx endpoint, deploying WeepSteel malware through https://t.co/PGRGNLeuSX machine key reuse. #SitecoreFlaw #RemoteCodeExec #WeepSteel https://t.co/BkEyRtSEzw
@TweetThreatNews
5 Sept 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Linux kernel, Android runtime, and Sitecore vulnerabilities CVE-2025-38352, CVE-2025-48543, & CVE-2025-53690 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dlW52McD9e & apply mitigations to protect your org from cyberattacks. #Cybersec
@sirjameshackz
4 Sept 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical zero-day (CVE-2025-53690, CVSS 9.0) was added to the @cisacyber KEV less than an hour ago and is actively being exploited in the wild Check to see if you're vulnerable: https://t.co/CHVtFodgNi Patches / workarounds are available: https://t.co/CUIm4eiVSX https://
@rxerium
4 Sept 2025
4588 Impressions
23 Retweets
73 Likes
30 Bookmarks
0 Replies
0 Quotes
Sitecore's zero-day flaw (CVE-2025-53690) is a game changer—misconfigured keys are letting hackers take control remotely. Are your systems safe? Check out the deep dive and crucial fixes now. https://t.co/x7zbFB9ANm
@DefendOpsHQ
4 Sept 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-53690 #Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability https://t.co/OSGuIKie9e
@ScyScan
4 Sept 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Linux kernel, Android runtime, and Sitecore vulnerabilities CVE-2025-38352, CVE-2025-48543, & CVE-2025-53690 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersec
@CISACyber
4 Sept 2025
4781 Impressions
17 Retweets
34 Likes
7 Bookmarks
5 Replies
0 Quotes
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) https://t.co/SWYx6JodMn #security #cybersecurity
@eyalestrin
4 Sept 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) https://t.co/CHSOpJEWFu #HelpNetSecurity #Cybersecurity https://t.co/FxUMsImcYp
@PoseidonTPA
4 Sept 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) https://t.co/ChKX9xGWnn https://t.co/Fz2trZxuHB
@evanderburg
4 Sept 2025
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️#Exploited #Sitecore: active exploitation detected of the 0-day vulnerability CVE-2025-53690, of type #RCE Risk: 🔴 Type 🔸 Remote Code Execution 🔗 https://t.co/dVB7UAJvtX 🔄 Updates available 🔄 https://t.co/6LbYIKGI4n
@Vulcanux_
4 Sept 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) https://t.co/Qh6QCd0nGw
@kiranhunter
4 Sept 2025
79 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 CRITICAL: CVE-2025-53690 lets attackers run code via deserialization in Sitecore XM/XP ≤9.0. No patch yet—limit access, monitor for threats! Stay secure: https://t.co/O2lk5djY89 #OffSeq #Sitecore #RCE https://t.co/R8GoiDQElL
@offseq
4 Sept 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mandiant and Sitecore disclosed CVE-2025-53690 as an exposure of an ASP.NET machine key. CVSS score 9.0. The machine key was listed in older Sitecore deployment guides. Affects installations using Sitecore XP 9.0 or earlier with Active Directory 1.4 or earlier
@__kokumoto
4 Sept 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Active zero-day hits Sitecore via ViewState deserialization (CVE-2025-53690) abusing a sample https://t.co/Q1dG3BAOQw machine key from pre-2018 guides, enabling RCE. Mandiant saw WEEPSTEEL, EARTHWORM, DWAgent, SharpHound, GoTokenTheft. Sitecore now auto-generates keys. 🔗🧵
@WatchtowerNexus
4 Sept 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-53690 Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experi… https://t.co/iuAAId4Z83
@CVEnew
3 Sept 2025
273 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-53690: Remote code execution in Sitecore XM/XP ≤9.0 via ViewState deserialization, no login needed. Exploit in the wild 🔥 Rotate & encrypt machine keys now! Full advisory ➡️ https://t.co/9OglGskdn4 #Sitecore #infosec #AppSec
@VolerionSec
3 Sept 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40097CA2-94C2-4CBD-B94C-10B5A8F282FD",
            "versionEndIncluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96C832B3-FB9D-443A-A501-65BFF0A47092",
            "versionEndIncluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F60EDF8-6CCE-4440-A4FB-337FBFC881DD",
            "versionEndIncluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "520CF670-01A2-479F-B637-C413A82463E0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]