{“lastseen”:”2025-08-29T17:28:17″,”description”:”\\n\\nThree new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution. \\n\\nThe flaws, per watchTowr Labs, are listed below -\\n\\n * **CVE-2025-53693** \\\\- HTML cache poisoning through unsafe reflections\\n * **CVE-2025-53691** \\\\- Remote code execution (RCE) through insecure deserialization\\n * **CVE-2025-53694** \\\\- Information Disclosure in ItemService API with a restricted anonymous user, leading to exposure of cache keys using a brute-force approach\\n\\n\\n\\nPatches for the first two shortcomings were released by Sitecore in June and for the third in July 2025, with the company stating that \\”successful exploitation of the related vulnerabilities might lead to remote code execution and non-authorized access to information.\\”\\n\\n\\n\\nThe findings build on three more flaws in the same product that were detailed by watchTowr back in June -\\n\\n * **CVE-2025-34509** (CVSS score: 8.2) – Use of hard-coded credentials\\n * **CVE-2025-34510** (CVSS score: 8.8) – Post-authenticated remote code execution via path traversal\\n * **CVE-2025-34511** (CVSS score: 8.8) – Post-authenticated remote code execution via Sitecore PowerShell Extension\\n\\n\\n\\nwatchTowr Labs researcher Piotr Bazydlo said the newly uncovered bugs could be fashioned into an exploit chain by bringing together the pre-auth HTML cache poisoning vulnerability with a post-authenticated remote code execution issue to compromise a fully-patched Sitecore Experience Platform instance.\\n\\nThe entire sequence of events leading up to code execution is as follows: A threat actor could leverage the ItemService API, if exposed, to trivially enumerate HTML cache keys stored in the Sitecore cache and send HTTP cache poisoning requests to those keys.\\n\\nThis could then be chained with CVE-2025-53691 to supply malicious HTML code that ultimately results in code execution by means of an unrestricted BinaryFormatter call.\\n\\n\\”We managed to abuse a very restricted reflection path to call a method that lets us poison any HTML cache key,\\” Bazydlo said. \\”That single primitive opened the door to hijacking Sitecore Experience Platform pages – and from there, dropping arbitrary JavaScript to trigger a Post-Auth RCE vulnerability.\\”\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2025-08-29T17:22:00″,”modified”:”2025-08-29T17:22:59″,”type”:”thn”,”title”:”Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution”,”source”:””,”references”:””,”id”:”THN:EA39CBD9A2B8E08E3F0061BEB8C7CF52″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2025-34509″,”CVE-2025-34510″,”CVE-2025-34511″,”CVE-2025-53691″,”CVE-2025-53693″,”CVE-2025-53694″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2025\/08\/researchers-warn-of-sitecore-exploit.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-08-29T17:28:17″,”description”:”\\n\\nThree new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution. \\n\\nThe…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,41,12,15,13,7,11,43,5],"class_list":["post-15059","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n