CVE-2025-34509

High CVSS: 7.5

Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

Vendor

Sitecore

Product

Experience Commerce

CWE

CWE-798

Yayın Tarihi

2025-06-17 19:15:31

Güncelleme

2025-12-27 17:15:47

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-798 Experience Commerce HIGH Sitecore 2025

Referanslar

https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/ https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667

Benzer Kayıtlar

Critical

CVE-2025-53690

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) a…

High

CVE-2025-53691

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) a…

Critical

CVE-2025-53693

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Ex…

High

CVE-2025-53694

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), S…

High

CVE-2025-34510

Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10…

High

CVE-2025-34511

Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through vers…