CVE-2025-53690

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

More information : https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability