GCVE - cpe:2.3:a:sitecore:experience_manager_(xm):*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sitecore:experience_manager_(xm):*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Sitecore (`a7d448aa-2b42-539c-981e-05d11ea00680`)
Product	Experience Manager (Xm) (`c29c74e6-53df-547a-a726-95e3f5effb8d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-53691`	vulnerable	2026-06-03 15:03:54.582161	Sitecore Experience Remote Code Execution through Insecure Deserialization HIGH (8.8) Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4. Published: 2025-09-03T12:36:59.561Z Updated: 2025-09-03T13:49:39.605Z Open on db.gcve.eu Reference links https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/ https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-53690`	vulnerable	2026-06-03 15:03:54.578319	Sitecore Products ViewState Deserialization Vulnerability CRITICAL (9) Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0. Published: 2025-09-03T20:04:48.223Z Updated: 2026-02-26T17:49:44.363Z Open on db.gcve.eu Reference links https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34139`	vulnerable	2026-06-03 15:00:43.746047	Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected. Published: 2025-07-25T15:54:25.297Z Updated: 2025-11-19T01:28:37.079Z Open on db.gcve.eu Reference links https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003650 https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003661 https://www.vulncheck.com/advisories/sitecore-xm-xp-xc-managed-cloud-arbitrary-file-read	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.