From Information Disclosure to RCE in Sitecore Experience Platform (XP)
# Sitecore CVE Chain Exploits
This repository contains proof-of-concept exploits for a critical vulnerability chain in Sitecore Experience Platform (XP) versions up to 10.4.1.
## Vulnerabilities
- **CVE-2025-53694:** Information Disclosure
- **CVE-2025-53693:** Cache Poisoning
- **CVE-2025-53691:** Remote Code Execution
## Exploits
> All 3 exploits are available separately in my profile. The `chain.py` file contains the logic of the 3 orchestrated in a chain for cache poisoning to RCE escalation. The `cve_2025_5369*.py` files mentioned below were redundant and have been removed.
- `cve_2025_53694.py`: Information Disclosure PoC // Removed
- `cve_2025_53693.py`: Cache Poisoning PoC // Removed
- `cve_2025_53691.py`: RCE via Deserialization PoC // Removed
- `chain.py`: Complete exploit chain (all CVEs)
- `sitecore.yaml`: [Nuclei](https://github.com/projectdiscovery/nuclei) template, not validated or tested on real targets
- `test.py`: Test script for a local environment; make sure to set the correct port // Temporarily removed, incomplete detection
## Usage
### Individual Exploits
- **[CVE-2025-53694](https://github.com/blueisbeautiful/CVE-2025-53694/tree/main):** `python3 exploit.py <target_url>`
- **[CVE-2025-53693](https://github.com/blueisbeautiful/CVE-2025-53693/tree/main):** `python3 exploit.py <target_url>`
- **[CVE-2025-53691](https://github.com/blueisbeautiful/CVE-2025-53691/tree/main):** `python3 exploit.py <target_url> --command "<command>"`
### Exploit Chain
```bash
python3 chain.py <target_url> --command "<command>"
```
### Nuclei template
- Download Go
- Install Nuclei
- Run `nuclei -t sitecore.yaml -u <target_url>` or `cat targets.txt | nuclei -t sitecore.yaml`
### Documentation
See the full explanation [here](https://github.com/blueisbeautiful/CVE-2025-53694-to-CVE-2025-53691/blob/main/REPORT.md).
## Disclaimer
These exploits are for educational and research purposes only. Do not use them on systems you do not own or have permission to test.