CVE-2025-34139
Published: Jul 25, 2025
Modified: Nov 19, 2025
Description
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.
| Vendor | Product | Versions |
|---|---|---|
Sitecore | Experience Manager (XM) | affected 8.0 Initial Release - <= 10.4 Initial Release and later |
Sitecore | Experience Platform (XP) | affected 8.0 Initial Release - <= 10.4 Initial Release and later |
Sitecore | Experience Commerce (XC) | affected 8.0 Initial Release - <= 10.4 Initial Release and later |
Sitecore | Managed Cloud | affected 8.0 Initial Release - <= 10.4 Initial Release and later |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now