8.8
CVE-2025-34510
- EPSS 87.27%
- Veröffentlicht 17.06.2025 18:46:04
- Zuletzt bearbeitet 08.09.2025 19:22:24
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Sitecore ≫ Experience Commerce Version >= 9.0 <= 10.4
Sitecore ≫ Experience Manager Version >= 9.0 <= 10.4
Sitecore ≫ Experience Platform Version >= 9.0 < 10.4
Sitecore ≫ Experience Platform Version10.4 Update-
Sitecore ≫ Managed Cloud Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 87.27% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-23 Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.