CVE-2025-53690
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
⚠ KEV | EPSS 5.2%
Description
Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.
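How to fix CVE-2025-53690
OSV provides no package mapping. Refer to the links below for vendor-provided advisories.
Is CVE-2025-53690 being exploited?
Yes. CVE-2025-53690 is on the CISA Known Exploited Vulnerabilities (KEV) list, which means it is being actively exploited. Patch immediately.
Affected packages (0)
OSV provides no package mapping.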