Sign In

CVE-2025-34509

📊 8.2 HIGH16.2%🎯 0 exploits
📅 Published Jun 17, 2025
📋 Status: Analyzed

Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

🎯 Affected Products & Systems

5 product configurations affected

Filter by type:
📱
Vulnerable
Version: ≥ 9.0 ∧ ≤ 10.4
CPE:
cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: ≥ 9.0 ∧ ≤ 10.4
CPE:
cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: ≥ 9.0 ∧ < 10.4
CPE:
cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: 10.4
CPE:
cpe:2.3:a:sitecore:experience_platform:10.4:-:*:*:*:*:*:*
📱
sitecore / managed cloud
Application
Vulnerable
Version: All versions
CPE:
cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*
5 productsscroll for more
Metrics
8.2 HIGHCVSS v3.1[email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
LOW
Availability:
NONE
Scope:
UNCHANGED

🔍 Technical Details

Analysis Status
Analyzed
CVSS Details
8.2 (HIGH)v3.1
Source: [email protected]
EPSS Details
16.2% (Low)94.5th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date
Jun 17, 2025 (4 months ago)
Last Modified
Sep 8, 2025 (1 month ago)
Security Weaknesses1
References2