Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated, remote attackers can use this account to access the administrative API over HTTP.
History
Tue, 17 Jun 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Tue, 17 Jun 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | cvssV3_1 | cvssV3_1 |
Tue, 17 Jun 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP. | |
Title | Sitecore XM and XP Hardcoded Credentials | |
Weaknesses | CWE-798 | |
References | | |
Metrics | cvssV3_1 |

Status: PUBLISHED
Assigner: VulnCheck
Published: 2025-06-17T18:20:57.441Z
Updated: 2025-06-18T03:56:09.729Z
Reserved: 2025-04-15T19:15:22.612Z
Link: CVE-2025-34509

Updated: 2025-06-17T19:04:47.633Z

Status : Awaiting Analysis
Published: 2025-06-17T19:15:31.423
Modified: 2025-06-17T20:50:23.507
Link: CVE-2025-34509
