Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSitecore Experience Commerce
APPSitecore8.2 – 10.3Sitecore Experience Manager
APPSitecore8.2 – 10.3Sitecore Experience Platform
APPSitecore8.2 – 10.3Sitecore Managed Cloud
APPSitecore8.2 – 10.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
Related vulnerabilities
CVE-2025-53690CRITICAL9.0⚠ KEVPL ✓ten sam produkt
Krótki tytuł podatności po polsku (max 80 znaków)
CVE-2021-42237CRITICAL9.8⚠ KEVten sam produkt
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attac...
CVE-2019-9874CRITICAL9.8⚠ KEVten sam produkt
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0...
CVE-2025-53693CRITICAL9.8PL ✓ten sam produkt
Unsafe Reflection umożliwiający Cache Poisoning w Sitecore XM/XP
CVE-2023-27068CRITICAL9.8ten sam produkt
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run ...