Описание
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-53690
- https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability
- https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53690
Связанные уязвимости
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
Уязвимость систем управления контентом Sitecore Experience Manager (XM), Experience Platform (XP) и платформы для персонализированного процесса покупок Experience Commerce (XC), связанная с недостатками механизма десериализации, позволяющая нарушителю выполнить произвольный код и получить несанкционированный доступ к защищаемой информации