Hardcoded User Account Vulnerability in Sitecore Experience Manager and Platform
CVE-2025-34509

8.2 HIGH

Key Information:

Vendor

Sitecore

CVE Published:
17 June 2025

Badges

👾 Exploit Exists · 📰 News Worthy

What is CVE-2025-34509?

Sitecore Experience Manager (XM) and Experience Platform (XP) contain a hardcoded user account that an unauthenticated remote attacker can use to gain unauthorized access to the administrative API over HTTP. Affected versions are Sitecore XM 10.1 to 10.1.4 rev. 011974 PRE, Sitecore XP 10.2, and versions 10.3 to 10.3.3 rev. 011967 PRE and 10.4 to 10.4.1 rev. 011941 PRE. Organizations running these versions should prioritize remediation.

Affected Version(s)

Experience Manager 10.4 < 10.4.1 rev. 011941 PRE

Experience Manager 10.3 < 10.3.3 rev. 011967 PRE

Experience Manager 10.1 < 10.1.4 rev. 011974 PRE

News Articles

Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform

Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025. We’ve spent a bit of time recently looking at CMSs given the basic fact that they represent attractive targets for

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰

    First article discovered by watchTowr Labs

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Bazydlo of watchTowr.