Vulnerability Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sitecore | Experience Commerce | >= 9.2, <= 10.4 |
| Sitecore | Experience Manager | >= 9.2, <= 10.4 |
| Sitecore | Experience Platform | >= 9.2, < 10.4 |
| Sitecore | Managed Cloud | - |
Related Weaknesses (CWE)
References
- https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cachExploitThird Party Advisory
- https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003734Vendor Advisory
FAQ
What is CVE-2025-53694?
CVE-2025-53694 is a vulnerability with a CVSS score of 7.5 (HIGH). Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager ...
How severe is CVE-2025-53694?
CVE-2025-53694 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-53694?
Check the references section above for vendor advisories and patch information. Affected products include: Sitecore Experience Commerce, Sitecore Experience Manager, Sitecore Experience Platform, Sitecore Managed Cloud.