Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2025-53694 PoC — Information Disclosure in ItemServices API

Source
https://github.com/blueisbeautiful/CVE-2025-53694-to-CVE-2025-53691
Associated Vulnerability
Title:Information Disclosure in ItemServices API (CVE-2025-53694)
Description:Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.
Description
From Information Disclosure to RCE in Sitecore Experience Platform (XP)
Readme
# Sitecore CVE Chain Exploits

This repository contains proof-of-concept exploits for a critical vulnerability chain in Sitecore Experience Platform (XP) versions up to 10.4.1.

## Vulnerabilities

- **CVE-2025-53694:** Information Disclosure
- **CVE-2025-53693:** Cache Poisoning
- **CVE-2025-53691:** Remote Code Execution

## Exploits
> All 3 exploits are available separately in my profile, the `chain.py` file contains the logic of the 3 orchestrated in a chain for cache poisoning to RCE escalation, the `cve_2025_5369*.py` files mentioned below were redundant and have been removed.
- `cve_2025_53694.py`: Information Disclosure PoC  // Removed
- `cve_2025_53693.py`: Cache Poisoning PoC  // Removed
- `cve_2025_53691.py`: RCE via Deserialization PoC  // Removed
- `chain.py`: Complete exploit chain (all CVEs)
- `sitecore.yaml`: [Nuclei](https://github.com/projectdiscovery/nuclei) template, not validated or tested on real targets
- `test.py`: Test script for local environment, make sure to set the correct port // Temporarily removed, incomplete detection

## Usage

### Individual Exploits

- **[CVE-2025-53694](https://github.com/blueisbeautiful/CVE-2025-53694/tree/main):** `python3 exploit.py <target_url>`
- **[CVE-2025-53693](https://github.com/blueisbeautiful/CVE-2025-53693/tree/main):** `python3 exploit.py <target_url>`
- **[CVE-2025-53691](https://github.com/blueisbeautiful/CVE-2025-53691/tree/main):** `python3 exploit.py <target_url> --command "<command>"`

### Exploit Chain

```bash
python3 chain.py <target_url> --command "<command>"
```

### Nuclei template
- Download go
- Install nuclei
- Run `nuclei -t sitecore.yaml -u <target_url>` or `cat targets.txt | nuclei -t sitecore.yaml`

### Documentation

See full explanation [here](https://github.com/blueisbeautiful/CVE-2025-53694-to-CVE-2025-53691/blob/main/REPORT.md)

## Disclaimer

These exploits are for educational and research purposes only. Do not use them on systems you do not own or have permission to test.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →