cvedb.io
CVE-2025-53693
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-09-03T13:15:49.570 · Last modified 2026-06-17T09:38:43.473

Summary

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.

Affected products

sitecore — experience_commerce

Does this affect you?

Add your gear to cvedb and we'll alert you only when sitecore ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.