### [CVE-2025-53693](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53693)
![](https://img.shields.io/static/v1?label=Product&message=Experience%20Platform%20(XP)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Sitecore%20Experience%20Manager%20(XM)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=10.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-470%20Use%20of%20Externally-Controlled%20Input%20to%20Select%20Classes%20or%20Code%20('Unsafe%20Reflection')&color=brightgreen)

### Description

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.

### POC

#### Reference
- https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/

#### Github
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/blueisbeautiful/CVE-2025-53693
- https://github.com/blueisbeautiful/CVE-2025-53694-to-CVE-2025-53691
- https://github.com/brokendreamsclub/CVE-2025-53693
- https://github.com/brokendreamsclub/CVE-2025-53694-to-CVE-2025-53691
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/nomi-sec/PoC-in-GitHub