CVE-2025-53690
Published Sep 3, 2025
AI description
CVE-2025-53690 is a ViewState deserialization vulnerability affecting Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud. The vulnerability stems from the reuse of a sample ASP.NET machine key that was included in official Sitecore deployment guides prior to 2017 and, in some instances, mistakenly implemented in production environments. Attackers who possess this key can create malicious __VIEWSTATE payloads, bypassing validation and enabling code execution on the targeted server. This turns a misconfiguration into a Remote Code Execution (RCE) vector. The initial compromise can grant attackers access under the NETWORK SERVICE account. The WEEPSTEEL malware may be deployed to gather system, network, and user information.
- Description: Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
- Source: 9947ef80-c5d5-474a-bbab-97341a59000e
- NVD status: Analyzed
- Products: experience_commerce, experience_manager, experience_platform, managed_cloud
CVSS 3.1
- Type: Secondary
- Base score: 9
- Impact score: 6
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
- Exploit added on: Sep 4, 2025
- Exploit action due: Sep 25, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 9947ef80-c5d5-474a-bbab-97341a59000e
- CWE-502
A China-linked APT (UAT-8837) exploited a critical #Sitecore zero-day (CVE-2025-53690) to breach US critical infrastructure. Post-access activity included credential harvesting, AD reconnaissance and RDP weakening. Software libraries were exfiltrated in at least one case. https:/
@MeridianEU
20 Jan 2026
Cisco Talos uncovers China-nexus APT targeting critical infrastructure via CVE-2025-53690, leveraging credential harvesting and potential supply chain compromise. #Cybersecurity #APTGroups #CriticalInfrastructure #CVE202553690 #SupplyChainSecurity #CredentialHarvesting https://t.
@probablypwned
19 Jan 2026
⚠️China-linked UAT-8837 exploited a Sitecore (CVE-2025-53690) zero-day to breach North American critical infrastructure China APT by stealing credentials and AD data for persistence, they pose a major threat. Western allies issued a joint alert. Ref: https://t.co/T7u5g0EC9c
@hCharizard_
19 Jan 2026
China-linked group UAT-8837 exploits Sitecore zero-day CVE-2025-53690 to target North American critical infrastructure, using tools like Rubeus and Impacket for credential theft and network reconnaissance. #UAT8837 #SitecoreCVE #China https://t.co/YEFxD9ELyN
@TweetThreatNews
18 Jan 2026
UAT-8837, linked to China, exploits zero-day CVE-2025-53690 and uses tools like Earthworm, GoToken Theft, SharpHound, and Certipy to infiltrate North American infrastructure with advanced stealth tactics. #UAT8837 #China #CriticalInfra https://t.co/MVjvE6iPFc
@TweetThreatNews
17 Jan 2026
A China-linked advanced persistent threat (APT) group, tracked by Cisco Talos as UAT-8837, has been exploiting a critical zero-day vulnerability in Sitecore (CVE-2025-53690) to infiltrate North American critical infrastructure sectors. The vulnerability, rated 9.0 on the CVSS
@ox0ffff
17 Jan 2026
Chinese APT group UAT-8837 exploits Sitecore zero-day (CVE-2025-53690) to infiltrate North American critical infrastructure. Stay vigilant and patch promptly. https://t.co/eRrCUCdmo0 #CyberAttack #Hacking #Exploits #Vulnerability #Infosec #Security #Threat #APT #Malware #Patch ht
@dailytechonx
17 Jan 2026
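A China-linked APT exploited a Sitecore zero-day vulnerability (CVE-2025-53690) to attack US critical infrastructure. The cause is a misconfiguration in which the sample key from the official guide was copy-pasted, which makes arbitrary code execution possible. Sitecore users w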
@motch_dev
17 Jan 2026
China-linked UAT-8837 has been exploiting a Sitecore zero-day (CVE-2025-53690) for initial access. If you run Sitecore: patch/mitigate fast and review exposure + logs. https://t.co/T5MUwtg31t #Cybersecurity #Sitecore #CVE #ThreatIntel #BlueTeam
@Anavem_
17 Jan 2026
Chinese state-backed hackers have infiltrated North American critical infrastructure using compromised credentials and exploited CVE-2025-53690 in SiteCore. Tools like Earthworm were deployed. #China #CriticalInfra #ZeroDay https://t.co/Pqk1OlDES7
@TweetThreatNews
16 Jan 2026
🚨 Chinese UAT-8837 Breaches North American Critical Infrastructure via Sitecore Zero-Day Cisco Talos reports China-linked UAT-8837 used multiple vulnerabilities—including the Sitecore ViewState deserialization zero-day CVE-2025-53690—to gain initial access, then deployed t
@ThreatSynop
16 Jan 2026
🚨 China-Linked UAT-8837 Exploits Sitecore Zero-Day (CVE-2025-53690) to Breach North American Critical Infrastructure Cisco Talos says UAT-8837 is abusing a Sitecore ViewState deserialization zero-day (CVE-2025-53690) plus stolen credentials to gain initial access, then using
@ThreatSynop
16 Jan 2026
📢 New CVE analysis just dropped! Inside UAT-8837’s zero-day attack exploiting CVE-2025-53690 - see how this APT breaches critical systems and how to defend against it effectively. 🌐 Explore the writ
@PurpleOps_io
16 Jan 2026
China-linked APT is exploiting a Sitecore zero-day (CVE-2025-53690, CVSS 9.0) to breach U.S. critical infrastructure. Patch immediately and monitor for post-exploitation activity. #CyberSecurity #ZeroDay #Sitecore https://t.co/ods867RXey
@CloneSystemsInc
16 Jan 2026
🚨 China-Linked APT Exploits Sitecore Zero-Day to Breach North American Critical Infrastructure Cisco Talos says China-nexus actor UAT-8837 exploited a Sitecore zero-day (CVE-2025-53690) and stolen credentials to gain initial access, then used open-source post-exploitation tool
@ThreatSynop
16 Jan 2026
🔴 China-linked APT UAT-8837 exploited Sitecore zero-day in North America. Most saw a simple attack; it's a systemic supply chain risk. Harnesses vulnerabilities like CVE-2025-53690 for deep access. This dependency is now visible to everyone. #AIEthics #CyberSecurity #Infosec
@photogrim_
16 Jan 2026
🚨Sitecore CVE-2025-53690 (CVSS 9.0) POC I just dropped a blog about CVE-2025-53690 🔹 Fully weaponized POC 🔹 Sneaky MemShell persistence tricks 🔹 Nuclei template I built to scan at scale https://t.co/Gz9Z6DUIKD Feedback is welcome! #infosec #sitecore #rce #cve htt
@ErikPham141
5 Nov 2025
#VulnerabilityReport #ASPNET CVE-2025-53690: Mandiant and Sitecore Warn of Active Exploitation in https://t.co/aMlHWIBBDB Machine Key Configurations https://t.co/gHCKsQxanM
@Komodosec
11 Oct 2025
Sitecore Experience Platform/Manager - Deserialization RCE (CVE-2025-53690, CVSS 9.0) . Read the full report on - https://t.co/Fhg5eUu8uw https://t.co/Ocjcutd0l5
@cyberbivash
2 Oct 2025
Sitecore Experience Platform/Manager - Deserialization RCE (CVE-2025-53690, CVSS 9.0) . Read the full report on - https://t.co/lMNEUYeupx https://t.co/2ACvRrmriQ
@cyberbivash
2 Oct 2025
⚠️ Weekly vuln radar from https://t.co/8RzyA4ocnO: CVE-2025-20352 CVE-2025-20333 CVE-2025-20362 CVE-2025-25257 (@0x_shaq) CVE-2024-36401 (Steve Ikeoka) CVE-2025-10035 CVE-2025-10184 (Calum Hutton) CVE-2025-53690 (Andi Slok) CVE-2024-28986 https://t.co/HF5Ob5EPZO
@ptdbugs
26 Sept 2025
#ThreatProtection #CVE-2025-53690 - Deserialization of Untrusted Data #vulnerability affecting multiple Sitecore products, read more about Symantec's protection: https://t.co/9Mq2r8SBfG
@threatintel
25 Sept 2025
CVE-2025-53690 Sitecore Experience Manager and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed https://t.co/XaaWwiuNud machine keys to achieve remote code execution.
@ZeroDayFacts
21 Sept 2025
Actively exploited CVE : CVE-2025-53690
@transilienceai
17 Sept 2025
CVE-2025-53690 has recently been classified as a CISA Known Exploited Vulnerability called "Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability". Know more about it: https://t.co/413BqAc78j #KEV #CVE #VulnerabilityManagement #CISO" https://t.co/d7kSe5bXG
@attaxion
12 Sept 2025
Vulnerability analysis of CVE-2025-53690 https://t.co/Hpgwvf31c4 #Informatica #Noticiaslibres #SeguridadInformatica
@f3nixh4ck
9 Sept 2025
Mandiant reveals a ViewState deserialization zero-day vulnerability affecting Sitecore products (CVE-2025-53690), enabling attackers to exploit exposed machine keys for remote code execution and lateral movement; updated configurations have been issued t… https://t.co/3BW4DPIPZ
@Cyber_O51NT
9 Sept 2025
Alert! 🚨 CVE-2025-53690 in Sitecore (CVSS 9.0) allows RCE via deserialization. Already exploited! Update now: https://t.co/xt7MU6kXhh #CyberSecurity #Vulnerabilidades #TecNewsThiago
@tecnewsthiago
8 Sept 2025
#threatreport #LowCompleteness CVE-2025-53690: Sitecore Deployments Targeted via WEEPSTEEL Malware | 08-09-2025 Source: https://t.co/IxeZxpC1Je Key details below ↓ 💀Threats: Weepsteel, Viewstate_deserialization_vuln, Earthworm_tool, Dwagent_tool, Bloodhound_tool, Rssock_too
@rst_cloud
8 Sept 2025
CVE-2025-53690 in Sitecore (XM, XP, XC, Managed Cloud) is under active exploitation. A ViewState deserialization bug enables unauthenticated RCE via exposed default https://t.co/oIGc0FHqST machine keys. CISA mandates patch by Sept 25. #CyberSecurity #CVE202553690 #Sitecore http
@CloneSystemsInc
8 Sept 2025
🚨 CVE-2025-53690 🚨 Attackers are exploiting old Sitecore setups using a legacy key to launch WEEPSTEEL malware. It’s not a bug; it’s a configuration mistake now weaponised. Are your systems safe? Details 👇 https://t.co/nwcl6QHoAo #SOCRadar #cybersecuritytips #zerod
@socradar
8 Sept 2025
Mandiant uncovered Sitecore CVE-2025-53690 exploitation via ViewState deserialization using exposed https://t.co/PGRGNLeuSX machine key, enabling remote code execution and deployment of WEEPSTEEL, EARTHWORM, DWAGENT for AD reconnaissance and data theft. … https://t.co/az2Sf6Rcj
@TweetThreatNews
8 Sept 2025
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation. The vulnerability, tracked as CVE-2025-53690, carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity. https://t.co/s1Py8xoLQf https://t.co/xY0BLLzqkp
@riskigy
7 Sept 2025
⚠️ CYBER ALERT - 07/09/2025 CISA mandates federal agencies patch Sitecore zero-day (CVE-2025-53690) by Sept 25 after recent attacks reported. 💡 Update systems ASAP Source: https://t.co/IzgcHRi5mu
@kernyx64
7 Sept 2025
Critical Sitecore Vulnerability Exploited @Mandiant reports CVE-2025-53690 (CVSS 9.0) is under active attack. @CISAgov added it to KEV, patch by Sept 25. Rotate keys + update Sitecore. Details: https://t.co/N07kqh7c9C #CyberSecurity #Sitecore
@AnomalousBytes
7 Sept 2025
🚨 CRITICAL THREATS - Sept 6 🔴 CVE-2025-53690 (Sitecore) CVSS 9.0 - PATCH NOW! 💻 NEZHA Ransomware active 📱 Brokewell malware via fake ads 🌍 APT37 targets South Korea 🛡️ Block: https://t.co/uQJ99CRzIr Report: https://t.co/TUvXhUynDZ #CyberSecurity #ThreatInt
@404LABSx
6 Sept 2025
🚨⚠️ Heads up, security community! CVE-2025-53690 poses a serious threat with a high likelihood of exploitation soon. This deserialization flaw affects Sitecore XM & XP (up to 9.0), allowing code injection! 🛡️ Ensure your systems are patched and secure! #CyberSecur
@SecAideInfo
6 Sept 2025
⚡️ CISA alert: a critical Sitecore vulnerability (CVE-2025-53690) under active exploitation has been identified. 🔑 Risk: remote code execution #Cybersecurity #Cybersecurity_News #اخبار_امنیت_سایبری #ASP #CISA #CVE_20
@vulnerbyte
6 Sept 2025
05/09/2025 CISA warns of active exploitation of CVE-2025-53690 in Sitecore with a CVSS score of 9.0! 🚨 FCEB agencies must patch by Sept 25, 2025 to prevent severe impact. Source: https://t.co/YzHPFsP1Ok
@kernyx64
6 Sept 2025
Critical zero-days exploited in SAP S/4HANA (CVE-2025-42957) and Sitecore (CVE-2025-53690) prompt urgent patching. Report includes APT activity, law enforcement actions, and global malware trends. #APTActivity #SouthKorea #DataBreach https://t.co/bR4fdNDV9o
@TweetThreatNews
6 Sept 2025
🔥 ALERT: CISA orders immediate patch for a critical Sitecore vulnerability (CVE-2025-53690, CVSS 9.0) — under active exploitation since December 2024! Attackers can exploit exposed machine keys for RCE, data theft, and full system takeover. Rotate keys, lock configs, and pat
@Newtalics
5 Sept 2025
CISA orders immediate patch for critical Sitecore flaw CVE-2025-53690 enabling remote code execution via default machine keys. Active exploitation reported in FCEB networks. #SitecorePatch #ViewStateAttack #USA https://t.co/ChsMqioZKm
@TweetThreatNews
5 Sept 2025
TL;DR: CVE-2025-53690 is a severe threat. Acknowledge, verify, and patch your Sitecore deployments today. What steps are you taking to safeguard your systems? 🔍 #CyberAwareness
@Cyb3r_5wift
5 Sept 2025
🚨 A critical zero-day vulnerability (CVE-2025-53690) in Sitecore is now being actively exploited! Are you safe? Businesses relying on Sitecore need to act fast! #Cybersecurity #Sitecore https://t.co/PUzBeTNATE
@Cyb3r_5wift
5 Sept 2025
CISA demands immediate patch for critical Sitecore vulnerability (CVE-2025-53690) under active exploitation! FCEB agencies must update by Sep 25, 2025. Act now! 🚨 https://t.co/MsNtuogFZw #CISA #Sitecore #PatchNow
@0xT3chn0m4nc3r
5 Sept 2025
CISA mandates federal agencies patch Sitecore zero-day vulnerability CVE-2025-53690 by Sept 25 after exploits used sample machine keys to gain access and escalate privileges. Sitecore now automates unique key generation. #SitecoreBug #ZeroDay #USA https://t.co/AcxI3S42j1
@TweetThreatNews
5 Sept 2025
Zero-day vulnerability CVE-2025-53690 exploited in Sitecore products; use of sample keys leads to serious compromise https://t.co/k6bVaVjfmP #izumino_trend
@sec_trend
5 Sept 2025
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-43300 CVE-2025-48539 CVE-2025-25257 (@0x_shaq) CVE-2025-7775 CVE-2025-57833 (@EyalSec) CVE-2025-53690 CVE-2025-9074 CVE-2025-48543 CVE-2025-24893 https://t.co/KW7HdtM3
@ptdbugs
5 Sept 2025
🚨Alert🚨CVE-2025-53690:ViewState Deserialization Zero-Day Vulnerability in Sitecore Products 🧐Deep Dive:https://t.co/OLrsz86Y1A 📊1.6M Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/vNDsdo8Thw 👇Query HUNTER : https://t.co/pZ2bQ
@HunterMapping
5 Sept 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40097CA2-94C2-4CBD-B94C-10B5A8F282FD",
            "versionEndIncluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96C832B3-FB9D-443A-A501-65BFF0A47092",
            "versionEndIncluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F60EDF8-6CCE-4440-A4FB-337FBFC881DD",
            "versionEndIncluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "520CF670-01A2-479F-B637-C413A82463E0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]