CVE-2025-34510 – Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) Zip Slip Remote Code Execution

June 17, 2025

CVE ID : CVE-2025-34510

Published : June 17, 2025, 7:15 p.m. | 1 hour, 14 minutes ago

Description : Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49154 – Trend Micro Apex One, Trend Micro Worry-Free Business Security Memory Corruption Vulnerability

Next Article CVE-2025-34511 – Sitecore PowerShell Extensions Remote File Upload Vulnerability

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

The biggest rival for Microsoft’s Xbox Ally is Valve’s Steam Deck, not Switch 2, so stop comparing the wrong gaming handhelds

Microsoft Copilot for Power Platform

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

Mastering TypeScript: Your Ultimate Guide to Types, Inference & Compatibility

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

CVE-2025-34510 – Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) Zip Slip Remote Code Execution

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

Linux-lek geeft aanvaller roottoegang: “organisaties moeten meteen patchen”

CVE-2025-47420 – Crestron Automate VX Privilege Escalation Vulnerability

Microsoft creates separate Windows 11 24H2 update for incompatible PCs

Rilasciato KDE Frameworks 6.15: Miglioramenti e Correzioni

CVE-2025-3457 – WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability

Mafia: The Old Country Confirmed To Launch on PS 5, Xbox Series X|S, and PC Soon on THIS Date – Check for Details

CVE-2025-3955 – “Codeprojects Patient Record Management System SQL Injection Vulnerability”

CVE-2025-46203 – Apache Unifiedtransform Privilege Escalation Vulnerability

CVE-2024-13967 – EIBPORT Web Server Configuration Page Authentication Bypass

CVE-2025-34510 – Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) Zip Slip Remote Code Execution

Related Posts