File Download Vulnerability in Sitecore Experience Platform and CMS
CVE-2015-10142
6.9MEDIUM
Key Information:
- Vendor
Sitecore
- Vendor
- CVE Published:
- 25 July 2025
What is CVE-2015-10142?
The Sitecore Experience Platform (XP) versions prior to 8.0 Initial Release and Sitecore CMS versions prior to 7.2 Update-3 and 7.5 Update-1 contain a vulnerability that permits an attacker with knowledge of certain file names to download files located within the web root. While the exposure does not permit access to .config, .aspx, or .cs files, the risk of unauthorized file access highlights the need for timely updates and patching to protect sensitive data.
Affected Version(s)
Content Management System (CMS) * < 7.2 Update-3 (rev. 141226)
Content Management System (CMS) * < 7.5 Update-1 (rev. 150130)
Experience Platform (XP) * < 8.0 Initial Release (rev. 141212)