Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution.
The flaws, per watchTowr Labs, are listed below –
CVE-2025-53693 – HTML cache poisoning through unsafe reflections
CVE-2025-53691 – Remote code execution (RCE) through insecure deserialization
CVE-2025-53694 –
English
Arabic
Chinese (Simplified)
Dutch
French
German
Italian
Portuguese
Russian
Spanish