Sitecore Product Security Update Advisory (CVE-2025-53690)
Overview
We have released security updates to fix vulnerabilities in Sitecore products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-53690
Experience Manager (XM): all versions
Experience Platform (XP): all versions
Experience Commerce (XC): all versions
Managed Cloud (Standard, Premium): see reference [1] for instructions
Resolved Vulnerabilities
Remote code execution vulnerability caused by an ASP.NET machineKey configuration weakness in Sitecore products (CVE-2025-53690)
Vulnerability Patches
Vulnerability patches are available in the latest update. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-53690
* Apply the patch through Sitecore SE
* Follow the instructions in reference [1] to apply the security settings
References
[1] Security Bulletin SC2025-005
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865
[2] ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)
https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability?hl=en