Arbitrary File Read Vulnerability in Sitecore Experience Manager and Platform Products
CVE-2025-34139
Key Information:
- Vendor: Sitecore
- CVE Published: 25 July 2025
What is CVE-2025-34139?
A critical security vulnerability affects Sitecore Experience Manager, Experience Platform, Experience Commerce, and Managed Cloud solutions that may allow unauthorized users to read arbitrary files on the server. The vulnerability impacts multiple product versions, from 8.0 Initial Release through 10.4 Initial Release and later, including standalone instances and deployment modes such as PaaS and containerized options. It raises significant concerns for security professionals and organizations using these platforms.

Affected Version(s)
Experience Commerce (XC) 8.0 Initial Release <= 10.4 Initial Release and later
Experience Manager (XM) 8.0 Initial Release <= 10.4 Initial Release and later
Experience Platform (XP) 8.0 Initial Release <= 10.4 Initial Release and later
