Sitecore Managed Cloud — known CVE vulnerabilities
Every CVE whose affected-product data names Sitecore Managed Cloud, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-53693 — CVSS 9.8 (critical): Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager…
CVE-2025-53691 — CVSS 8.8 (high): Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code…
CVE-2025-34510 — CVSS 8.8 (high): Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are…
CVE-2025-34511 — CVSS 8.8 (high): Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is…
CVE-2025-53694 — CVSS 7.5 (high): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience…
CVE-2025-34509 — CVSS 7.5 (high): Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3…
CVE-2023-33651 — CVSS 7.5 (high): An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0…