Hardcoded User Account Vulnerability in Sitecore Experience Manager and Platform
CVE-2025-34509

8.2HIGH

Key Information:

Vendor

Sitecore

CVE Published:
17 June 2025

Badges

📈 Score: 166
👾 Exploit Exists
🟣 EPSS 23%
📰 News Worthy

What is CVE-2025-34509?

CVE-2025-34509 is a significant vulnerability in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP), affecting versions 10.1 through 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 through 10.3.3 rev. 011967 PRE, and 10.4 through 10.4.1 rev. 011941 PRE. The vulnerability stems from a hardcoded user account shipped with these products, which allows an unauthenticated remote attacker to access administrative APIs over HTTP. Because Sitecore is widely used by large organizations for web content management and digital experience delivery, this vulnerability raises significant security concerns. If exploited, it could enable attackers to manipulate content, disrupt services, or gain unauthorized access to sensitive administrative functionality, undermining an organization’s security posture and operational integrity.

Potential impact of CVE-2025-34509

  1. Unauthorized Access to Administrative Functions: The hardcoded user account allows attackers to bypass authentication, providing them with potential access to critical administrative functionalities. This could lead to unauthorized changes in content, access to sensitive data, and manipulation of site functionality.

  2. Increased Risk of Data Breaches: By exploiting this vulnerability, attackers can obtain sensitive data stored in the Sitecore platform, potentially leading to significant data breaches. This can have financial ramifications and damage an organization’s reputation.

  3. Disruption of Operations: Attackers gaining control over the administrative API could disrupt normal operations by altering configurations or launching additional attacks within the organization's network, potentially impacting overall service availability.

Affected Version(s)

Experience Manager 10.4 < 10.4.1 rev. 011941 PRE

Experience Manager 10.3 < 10.3.3 rev. 011967 PRE

Experience Manager 10.1 < 10.1.4 rev. 011974 PRE

News Articles

Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform

Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025. We’ve spent a bit of time recently looking at CMSs given the basic fact that they represent attractive targets for

References

EPSS Score

23% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰 First article discovered by watchTowr Labs

  • Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Bazydlo of watchTowr.