CVE-2025-34139
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-11-12
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sitecore | experience_manager | * |
| sitecore | experience_commerce | * |
| sitecore | experience_platform | * |
| sitecore | managed_cloud | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an arbitrary file read issue in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud versions from 8.0 Initial Release through 10.4 Initial Release and later. It allows an unauthenticated attacker to read arbitrary files on affected systems, including Content Management and standalone instances, as well as PaaS and containerized deployments. The attack can be performed remotely without any privileges or user interaction and has a high impact on confidentiality. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to read arbitrary files on your Sitecore systems, potentially exposing sensitive information stored in those files. Since the attacker does not need any privileges or user interaction, the risk of data leakage is significant, which could lead to unauthorized disclosure of confidential data. [1]