- Description
- Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated, remote attackers can use this account to access the administrative API over HTTP.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity
- HIGH
- disclosure@vulncheck.com
- CWE-798
- Hype score
- Not currently trending
Researchers have discovered three #vulnerabilities in the popular #Sitecore Experience Platform system: CVE-2025-34509, a password embedded in the code. CVE-2025-34510, a Zip Slip vulnerability. CVE-2025-34511 allows users to upload external files. https://t.co/rmIPS0G977
@EChavarro
7 Jul 2025
3 vulnerabilities in the #Sitecore Experience Platform content management system: - CVE-2025-34509 hard-coded #password - CVE-2025-34510 is a Zip Slip #vulnerability - CVE-2025-34511 upload files without restrictions https://t.co/RvWjroYP
@EChavarro
1 Jul 2025