← back
CVE-2025-27218

CVE-2025-27218

CVSS 5.3 MEDIUMEPSS 63.6%CWE-94
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/52344unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003535