What is the CVSS score of CVE-2025-53690?

CVE-2025-53690 has a CVSS 3.1 base score of 9.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 9.3%.

Which versions of Experience Commerce are affected by CVE-2025-53690?

CVE-2025-53690 presents critical security risk, a insecure deserialization vulnerability rated CVSS 9.0.

Is there a public PoC exploit available for CVE-2025-53690?

Yes, a public proof-of-concept exploit is available for CVE-2025-53690. Prioritise patching immediately. EPSS: 9.3%.

How to fix or mitigate CVE-2025-53690?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Restrict deserialization to trusted data sources and implement integrity checks.

Experience Commerce CVE-2025-53690

CRITICAL

Deserialization of Untrusted Data (CWE-502)

2025-09-03 9947ef80-c5d5-474a-bbab-97341a59000e

Deserialization Experience Commerce Experience Manager Experience Platform Managed Cloud

9.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:10 vuln.today

Added to CISA KEV

Oct 30, 2025 - 20:39 cisa

CISA KEV

PoC Detected

Oct 30, 2025 - 20:39 vuln.today

Public exploit code

CVE Published

Sep 03, 2025 - 20:15 nvd

CRITICAL 9.0

DescriptionNVD

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

AnalysisAI

Sitecore Experience Manager/Platform through version 9.0 contains a deserialization vulnerability enabling code injection through untrusted data processing.

Technical ContextAI

The CWE-502 deserialization processes untrusted data that can contain malicious serialized .NET objects for code execution.

RemediationAI

Apply Sitecore security patches. Implement .NET serialization filtering.

CVE-2025-53690 vulnerability details – vuln.today

Back

Experience Commerce CVE-2025-53690

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code