A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.
Metrics
Affected Vendors & Products
References
History
Thu, 31 Jul 2025 10:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Sitecore
Sitecore experience Commerce Sitecore experience Manager Sitecore experience Platform Sitecore managed Cloud |
|
Vendors & Products |
Sitecore
Sitecore experience Commerce Sitecore experience Manager Sitecore experience Platform Sitecore managed Cloud |
Fri, 25 Jul 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-552 | |
Metrics |
ssvc
|
Fri, 25 Jul 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected. | |
Title | Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published: 2025-07-25T15:54:25.297Z
Updated: 2025-07-25T18:21:11.575Z
Reserved: 2025-04-15T19:15:22.563Z
Link: CVE-2025-34139

Updated: 2025-07-25T18:21:05.618Z

Status : Awaiting Analysis
Published: 2025-07-25T16:15:28.913
Modified: 2025-07-29T14:14:55.157
Link: CVE-2025-34139

No data.