HTML Cache Poisoning through Unsafe Reflections_CVE-2025-53693

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.

Basic Information

ID CVE-2025-53693

Source Wiz

Published Sep 3, 2025 at 12:36

Affected Product

Vendor Sitecore

Product Sitecore Experience Manager (XM)

Version 9.0

Affected Versions Sitecore Sitecore Experience Manager (XM) 9.0
Sitecore Sitecore Experience Manager (XM) 10.0
Sitecore Experience Platform (XP) 9.0
Sitecore Experience Platform (XP) 10.0

CWE Classification

CWE-470

References

{
    "lastseen": "",
    "description": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.",
    "published": "2025-09-03T12:36:53.745Z",
    "modified": "2025-09-03T12:36:53.745Z",
    "type": "cve",
    "title": "HTML Cache Poisoning through Unsafe Reflections",
    "source": "Wiz",
    "references": "https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/\nhttps://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667",
    "id": "CVE-2025-53693",
    "bulletinFamily": "",
    "cwe": [
        "CWE-470"
    ],
    "cvelist": null,
    "sourceData": "Sitecore Sitecore Experience Manager (XM) 9.0\nSitecore Sitecore Experience Manager (XM) 10.0\nSitecore Experience Platform (XP) 9.0\nSitecore Experience Platform (XP) 10.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Sitecore Experience Manager (XM)",
    "version": "9.0",
    "vendor": "Sitecore",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}