- Description
- Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remote code execution.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- disclosure@vulncheck.com
- CWE-434
- Hype score
- Not currently trending
Pesquisadores descobriram três #vulnerabilidades no popular sistema #Sitecore Experience Platform: CVE-2025-34509 senha embutida no código. CVE-2025-34510 vulnerabilidade Zip Slip. CVE-2025-34511 permite que os usuários carreguem arquivos externos. https://t.co/rmIPS0G977
@EChavarro
7 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
3 vulnerabilidades en el sistema de administración de contenidos #Sitecore Experience Platform: - CVE-2025-34509 #contraseña codificada de forma rígida - CVE-2025-34510 es una #vulnerabilidad de Zip Slip - CVE-2025-34511 cargar archivos sin restricciones https://t.co/RvWjroYP
@EChavarro
1 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-34511 Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file … https://t.co/bqJD35JFSp
@CVEnew
17 Jun 2025
494 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes