This week’s update
This week, new critical vulnerabilities were disclosed in Sitecore’s Sitecore Experience Manager (XM), Sitecore Experience Platform (XP), specifically versions 9.0 through 9.3, and 10.0 through 10.4. These flaws are caused by unsafe data deserialization and code reflection, leaving affected systems at high risk of exploitation.
Key Findings
- CVE-2025-53690: Remote Code Execution through Insecure Deserialization
- CVE-2025-53691: Remote Code Execution through Insecure Deserialization
- CVE-2025-53693: HTML Cache Poisoning through Unsafe Reflections
Impact
Exploitation could allow attackers to execute arbitrary code remotely on the affected system and conduct cache poisoning attacks, potentially leading to further compromise. Applying the latest vendor-released solution without delay is strongly recommended.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 588edc74df1f4609b3c2f7ef0ee2c15e | 100878 | Sitecore – Remote Code Execution – CVE:CVE-2025-53691 | N/A | Block | This is a new detection |
| Cloudflare Managed Ruleset | d1bd7563e6254db48ce703807c5b669c | 100631 | Sitecore – Cache Poisoning – CVE:CVE-2025-53693 | N/A | Block | This is a new detection |
| Cloudflare Managed Ruleset | ed94c7ce5301411a94a21a096c410240 | 100879 | Sitecore – Remote Code Execution – CVE:CVE-2025-53690 | N/A | Block | This is a new detection |
Source: Cloudflare
Latest Posts
- GCP Release Notes: February 01, 2026
- GCP Release Notes: January 31, 2026
- Dynamics 365 Contact Center – Leverage Quality Evaluation Agent simulation to test & fine tune evaluation criteria [MC1225452]
- Dynamics 365 Customer Service – Leverage Quality Evaluation Agent simulation to test & fine tune evaluation criteria [MC1225451]
