Sitecore: >> Experience Manager >> 8.0 Security Vulnerabilities
CVE-2025-53690
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
Known exploited
CVSS Score
9.0
EPSS Score
0.085
Published
2025-09-03
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
CVSS Score
7.5
EPSS Score
0.933
Published
2024-09-15
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.
CVSS Score
7.2
EPSS Score
0.104
Published
2023-03-14