
CVE-2025-53693 PoC — HTML Cache Poisoning through Unsafe Reflections

Associated Vulnerability
Title: HTML Cache Poisoning through Unsafe Reflections (CVE-2025-53693)
Description: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) allows Cache Poisoning. This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Description
HTML cache poisoning through unsafe reflections
Readme
### CVE-2025-53693: HTML Cache Poisoning

The XAML handler, located at `/-/xaml/`, exposes several controls that can be accessed without authentication. The `AjaxScriptManager` within these controls allows for the execution of methods via reflection. The `AddToCache` method can be abused to inject arbitrary HTML content into the Sitecore cache, which can then be rendered in other parts of the application.

**Cache Poisoning:** The attacker uses CVE-2025-53693 to poison the cache with a malicious payload.
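The description above names two observable artifacts of this issue: the unauthenticated XAML handler path `/-/xaml/` and the reflected `AddToCache` method name. The following log-triage script is an added example written for this page (it is not part of the PoC repository or of Sitecore) that scans web-server access logs for those two artifacts so defenders can spot probing before or after patching. It assumes the Apache/Nginx "combined" log format; the log lines, IP addresses and the `Example.Control` name in them are constructed sample data, not values from the original advisory.

```python
import re
from urllib.parse import unquote

# Apache/Nginx "combined" access-log format (assumption: adjust the regex to your log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

XAML_PREFIX = "/-/xaml/"          # unauthenticated handler path named in the advisory
REFLECTION_MARKER = "addtocache"  # AjaxScriptManager method named in the advisory (compared lower-case)


def parse_line(line):
    """Parse one access-log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Decode percent-encoding so an encoded method name (e.g. Add%54oCache) is still recognised.
    entry["target"] = unquote(entry["target"])
    return entry


def classify(entry):
    """Label a request: 'xaml-addtocache' (highest priority), 'xaml-handler', or None."""
    target = entry["target"].lower()
    if not target.startswith(XAML_PREFIX):
        return None
    if REFLECTION_MARKER in target:
        return "xaml-addtocache"
    return "xaml-handler"


def scan(lines):
    """Return (label, ip, method, decoded target, status) for every request that touches the XAML handler."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed or non-matching lines rather than crashing the triage
        label = classify(entry)
        if label:
            findings.append((label, entry["ip"], entry["method"], entry["target"], entry["status"]))
    return findings


# Constructed sample log lines (not real traffic); the control name is a placeholder.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Sep/2025:12:00:01 +0000] "GET /sitecore/content/home HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Sep/2025:12:00:02 +0000] "GET /-/xaml/Example.Control?action=Add%54oCache HTTP/1.1" 200 310',
    '198.51.100.9 - - [10/Sep/2025:12:00:03 +0000] "POST /-/xaml/Example.Control HTTP/1.1" 200 120',
    'this line is not in combined log format',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

Two caveats for using this in practice: a POST request carries its parameters in the body, which an access log does not record, so the `xaml-handler` label (any hit on `/-/xaml/` at all) is the one to alert on for POSTs, and full visibility requires request-body logging at a WAF or reverse proxy. Any unauthenticated hit on the handler on an unpatched instance (XM/XP 9.0 through 9.3 and 10.0 through 10.4, per the advisory) warrants review of the HTML cache contents and an upgrade.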

## Mitigation

Sitecore has released patches for this vulnerability. It is strongly recommended to upgrade to the latest version of Sitecore XM or XP, or to apply the provided security patches.

## Reference

[1] Watchtowr Labs. (2025). [*Cache Me If You Can: Sitecore Experience Platform Cache Poisoning to RCE*.](https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/)
File Snapshot

[4.0K] /data/pocs/8f25cf7576f0cf41a4567497183dd6429ba98798
├── [ 12K] exploit.py
├── [1.0K] LICENSE
└── [ 918] README.md

0 directories, 3 files