Vulnerability Details CVE-2025-53693
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-53693
-
cpe:2.3:a:sitecore:experience_commerce:10.0
-
cpe:2.3:a:sitecore:experience_commerce:10.1
-
cpe:2.3:a:sitecore:experience_commerce:10.2
-
cpe:2.3:a:sitecore:experience_commerce:10.3
-
cpe:2.3:a:sitecore:experience_commerce:10.4
-
cpe:2.3:a:sitecore:experience_commerce:9.0
-
cpe:2.3:a:sitecore:experience_commerce:9.1
-
cpe:2.3:a:sitecore:experience_manager:10.1
-
cpe:2.3:a:sitecore:experience_manager:10.2
-
cpe:2.3:a:sitecore:experience_manager:10.3
-
cpe:2.3:a:sitecore:experience_manager:10.4
-
cpe:2.3:a:sitecore:experience_manager:9.0
-
cpe:2.3:a:sitecore:experience_manager:9.1
-
cpe:2.3:a:sitecore:experience_manager:9.2
-
cpe:2.3:a:sitecore:experience_manager:9.3
-
cpe:2.3:a:sitecore:experience_platform:10.0
-
cpe:2.3:a:sitecore:experience_platform:10.1
-
cpe:2.3:a:sitecore:experience_platform:10.2
-
cpe:2.3:a:sitecore:experience_platform:10.3
-
cpe:2.3:a:sitecore:experience_platform:10.4
-
cpe:2.3:a:sitecore:experience_platform:9.0
-
cpe:2.3:a:sitecore:experience_platform:9.1
-
cpe:2.3:a:sitecore:experience_platform:9.1.1
-
cpe:2.3:a:sitecore:experience_platform:9.2
-
cpe:2.3:a:sitecore:experience_platform:9.3
-
cpe:2.3:a:sitecore:managed_cloud:-