CVE-2025-34138

A vulnerability exists in SitecoreExperience Manager (XM),Experience Platform (XP),Experience Commerce (XC), andManaged Cloud that could allow remote code execution orunauthorized access to information.This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 9.2 Initial Release through 10.4 Initial Release. PaaS and containerized solutions are similarly affected.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003734
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003743
https://www.vulncheck.com/advisories/sitecore-xm-xp-xc-managed-cloud-rce