Sitecore Experience Platform (Xp)
7 CVEs affecting Sitecore Experience Platform (Xp). Latest disclosed: 2025-09-21. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-53693 | Critical | 9.8 | 2025-09-03 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experie… |
CVE-2025-53690 | Critical | 9.0 | 2025-09-03 | Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects… |
CVE-2025-53691 | High | 8.8 | 2025-09-03 | Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This… |
CVE-2025-53694 | High | 7.5 | 2025-09-03 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This i… |
CVE-2025-53692 | High | 7.1 | 2025-09-21 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecor… |
CVE-2015-10142 | | 2025-07-25 | Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior… | |
CVE-2025-34139 | | 2025-07-25 | A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthent… |