Critical vulnerabilities in Sitecore Experience Platform enable attackers to achieve full system compromise through a sophisticated attack chain combining HTML cache poisoning with remote code execution capabilities.
These flaws also allow attackers to enumerate cache keys and configuration details via the exposed ItemServices API, streamlining targeted exploitation.
Key Takeaways
1. CVE-2025-53693 lets attackers inject HTML through AddToCache.
2. CVE-2025-53691 abuses BinaryFormatter.Deserialize() for full code execution.
3. CVE-2025-53694 exposes cache key details, aiding targeted attacks.
Sitecore Experience Platform Vulnerabilities
The security research firm watchTowr Labs has identified three major vulnerabilities in Sitecore Experience Platform 10.4.1 that can be chained together for a devastating effect.
The first vulnerability, CVE-2025-53693, enables HTML cache poisoning through unsafe reflection mechanisms in the XamlPageHandlerFactory handler.
The attack exploits the AjaxScriptManager.DispatchMethod() function, which uses reflection to dynamically invoke methods based on user-supplied parameters.
Attackers can target the vulnerable endpoint at /-/xaml/Sitecore.Shell.Xaml.WebControl with specially crafted POST requests containing malicious __PARAMETERS and __SOURCE values.
The core exploitation occurs through the AddToCache(string, string) method in Sitecore.Web.UI.WebControl, allowing attackers to inject arbitrary HTML into Sitecore’s cache system. A sample exploit request demonstrates the simplicity of the attack:
The second critical vulnerability, CVE-2025-53691, provides the pathway from cache poisoning to full remote code execution through insecure deserialization in the BinaryFormatter.Deserialize() method.
This vulnerability exists in the Sitecore.Convert.Base64ToObject() function, which processes base64-encoded objects without proper validation.
The attack chain leverages the ConvertToRuntimeHtml pipeline, specifically targeting iframe elements with embedded serialized payloads.
When the FixHtmlPage control processes malicious HTML containing iframe tags with id and value attributes, it triggers the vulnerable deserialization path.
Additionally, CVE-2025-53694 exposes sensitive information through the ItemServices API, enabling attackers to enumerate cache keys and system configurations.
This vulnerability allows unauthorized access to Sitecore item metadata, including caching settings and device configurations, facilitating targeted cache poisoning attacks.
| CVE | Title | Severity |
|---|---|---|
| CVE-2025-53693 | HTML Cache Poisoning | High |
| CVE-2025-53691 | Deserialization Remote Code Exec. | Critical |
| CVE-2025-53694 | ItemServices Metadata Disclosure | High |
Sitecore released patches for these vulnerabilities in June and July 2025.
Organizations using Sitecore Experience Platform should immediately apply the available security updates and review their ItemServices API exposure to prevent exploitation of these critical security flaws, which affect thousands of enterprise installations worldwide.
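To support that review, the following added example (not code from watchTowr or Sitecore) triages IIS W3C logs for unauthenticated POSTs to the XAML handler named above and notes whether the same client queried ItemServices first. The ItemServices route prefix, the anonymous-user filter and the sample log lines are assumptions made for illustration; IIS does not log POST bodies by default, so the check keys on method and path rather than on __PARAMETERS or __SOURCE.

```python
from urllib.parse import unquote

# Endpoint named in the article, lowercased because IIS paths are case-insensitive.
XAML_HANDLER = "/-/xaml/sitecore.shell.xaml.webcontrol"
# Assumption: default ItemServices route prefix; adjust to your deployment.
ITEMSERVICES_PREFIX = "/sitecore/api/ssc/"

# Constructed sample IIS W3C log (documentation IPs, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2025-08-30 10:00:01 203.0.113.7 - GET /sitecore/api/ssc/item/search 200
2025-08-30 10:00:05 203.0.113.7 - POST /-/xaml/Sitecore.Shell.Xaml.WebControl 200
2025-08-30 10:01:00 198.51.100.4 - GET /products 200
2025-08-30 10:02:00 198.51.100.9 sitecore\\editor POST /-/xaml/Sitecore.Shell.Xaml.WebControl 200
2025-08-30 10:03:00 192.0.2.55 - POST /-/XAML/sitecore.shell.xaml.webcontrol 500
"""


def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def find_suspects(text):
    """Return {client_ip: finding} for anonymous POSTs to the XAML handler."""
    touched_itemservices, findings = set(), {}
    for row in parse_w3c(text):
        ip, path = row["c-ip"], unquote(row["cs-uri-stem"]).lower()
        if path.startswith(ITEMSERVICES_PREFIX):
            touched_itemservices.add(ip)
        if (row["cs-method"] == "POST" and path == XAML_HANDLER
                and row["cs-username"] == "-"):
            hit = findings.setdefault(ip, {
                "posts": 0, "statuses": set(),
                # True when the same client queried ItemServices beforehand.
                "itemservices_first": ip in touched_itemservices})
            hit["posts"] += 1
            hit["statuses"].add(row["sc-status"])
    return findings


if __name__ == "__main__":
    for ip, hit in find_suspects(SAMPLE_LOG).items():
        print(ip, hit)
```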