- Description
- Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- disclosure@vulncheck.com
- CWE-23
- Hype score
- Not currently trending
Pesquisadores descobriram três #vulnerabilidades no popular sistema #Sitecore Experience Platform: CVE-2025-34509 senha embutida no código. CVE-2025-34510 vulnerabilidade Zip Slip. CVE-2025-34511 permite que os usuários carreguem arquivos externos. https://t.co/rmIPS0G977
@EChavarro
7 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
3 vulnerabilidades en el sistema de administración de contenidos #Sitecore Experience Platform: - CVE-2025-34509 #contraseña codificada de forma rígida - CVE-2025-34510 es una #vulnerabilidad de Zip Slip - CVE-2025-34511 cargar archivos sin restricciones https://t.co/RvWjroYP
@EChavarro
1 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-34510 Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vul… https://t.co/S9XgVsFEHK
@CVEnew
17 Jun 2025
327 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes