ГлавнаяУязвимости → CVE-2025-34511
8.8высокая

CVE-2025-34511

Описание

Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remote code execution.

Затрагиваемое ПО
Sitecore Experience commerceSitecore Experience managerSitecore Experience platformSitecore Managed cloud
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667