### [CVE-2025-53694](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53694)
![](https://img.shields.io/static/v1?label=Product&message=Experience%20Platform%20(XP)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Sitecore%20Experience%20Manager%20(XM)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=9.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brightgreen)

### Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.

### POC

#### Reference
- https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/

#### Github
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/blueisbeautiful/CVE-2025-53694
- https://github.com/blueisbeautiful/CVE-2025-53694-to-CVE-2025-53691
- https://github.com/brokendreamsclub/CVE-2025-53694
- https://github.com/brokendreamsclub/CVE-2025-53694-to-CVE-2025-53691
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/nomi-sec/PoC-in-GitHub