- Last update: 04/09/2025
- Affected software:
→ Sitecore Experience Platform (XP)
→ Sitecore Experience Manager (XM)
→ Sitecore Experience Commerce (XC)
- Type: Remote code execution
- CVE/CVSS
→ CVE-2025-53691: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-53693: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-53694: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003734
Sitecore delivers its Content Management System (CMS) to more than 22.000 instances. Three of its products – Sitecore Experience Platform (XP), Sitecore Experience Manager (XM) and Sitecore Experience Commerce (XC) – are affected by flaws which, when chained, could lead to full compromise.
CMS products are heavily targeted by threat actors as a way to gain unauthorized access to sensitive or valuable information, and as a springboard for further compromise. While Sitecore has not reported active exploitation in the wild, a Proof of Concept (PoC) detailing the attack chain has been disclosed (cut-off date: 4 September 2025).
Successful exploitation could have high impact on confidentiality, integrity and availability.
The three vulnerabilities listed above could be chained together to achieve full compromise.
Note that these vulnerabilities also affect Managed Cloud subscriptions, both Standard and Premium.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Sitecore warns that fixes are not automatically rolled out to Azure Marketplace deployments. When using Azure Marketplace, Sitecore recommends applying the patches to each instance if the issue has not been fixed in the versions released at dev.sitecore.net.
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
https://thehackernews.com/2025/08/researchers-warn-of-sitecore-exploit.html