Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-53694 PoC — Information Disclosure in ItemServices API

Source
https://github.com/blueisbeautiful/CVE-2025-53694-to-CVE-2025-53691
Associated Vulnerability
Title:Information Disclosure in ItemServices API (CVE-2025-53694)
Description:Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.
Description
From Information Disclosure to RCE in Sitecore Experience Platform (XP)
Readme
# Sitecore CVE Chain Exploits

This repository contains proof-of-concept exploits for a critical vulnerability chain in Sitecore Experience Platform (XP) versions up to 10.4.1.

## Vulnerabilities

- **CVE-2025-53694:** Information Disclosure
- **CVE-2025-53693:** Cache Poisoning
- **CVE-2025-53691:** Remote Code Execution

## Exploits
> All 3 exploits are available separately in my profile, the `chain.py` file contains the logic of the 3 orchestrated in a chain for cache poisoning to RCE escalation, the `cve_2025_5369*.py` files mentioned below were redundant and have been removed.
- `cve_2025_53694.py`: Information Disclosure PoC  // Removed
- `cve_2025_53693.py`: Cache Poisoning PoC  // Removed
- `cve_2025_53691.py`: RCE via Deserialization PoC  // Removed
- `chain.py`: Complete exploit chain (all CVEs)
- `sitecore.yaml`: [Nuclei](https://github.com/projectdiscovery/nuclei) template, not validated or tested on real targets
- `test.py`: Test script for local environment, make sure to set the correct port // Temporarily removed, incomplete detection

## Usage

### Individual Exploits

- **[CVE-2025-53694](https://github.com/blueisbeautiful/CVE-2025-53694/tree/main):** `python3 exploit.py <target_url>`
- **[CVE-2025-53693](https://github.com/blueisbeautiful/CVE-2025-53693/tree/main):** `python3 exploit.py <target_url>`
- **[CVE-2025-53691](https://github.com/blueisbeautiful/CVE-2025-53691/tree/main):** `python3 exploit.py <target_url> --command "<command>"`

### Exploit Chain

```bash
python3 chain.py <target_url> --command "<command>"
```

### Nuclei template
- Download go
- Install nuclei
- Run `nuclei -t sitecore.yaml -u <target_url>` or `cat targets.txt | nuclei -t sitecore.yaml`

### Documentation

See full explanation [here](https://github.com/blueisbeautiful/CVE-2025-53694-to-CVE-2025-53691/blob/main/REPORT.md)

## Disclaimer

These exploits are for educational and research purposes only. Do not use them on systems you do not own or have permission to test.
File Snapshot

 [4.0K]  /data/pocs/b09164325ec5a40a852e4012b0e78151e1c2807f
├── [ 15K]  chain.py
├── [4.6K]  dorks.md
├── [1.0K]  LICENSE
├── [2.0K]  README.md
├── [2.9K]  REPORT.md
└── [2.8K]  sitecore.yaml

0 directories, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →