CVE-2025-34509 – Sitecore Experience Manager (XM) and Experience Platform (XP) Hardcoded User Account Remote Authentication Bypass

June 17, 2025

CVE ID : CVE-2025-34509

Published : June 17, 2025, 7:15 p.m. | 1 hour, 15 minutes ago

Description : Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34511 – Sitecore PowerShell Extensions Remote File Upload Vulnerability

Next Article CVE-2025-49220 – Trend Micro Apex Central Remote Code Execution Vulnerability

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Build AI Agents That Run Your Day – While You Focus on What Matters

Build AI Agents That Run Your Day – While You Focus on What Matters

Faster Builds in Meteor 3.3: Modern Build Stack with SWC and Bundler Optimizations

How to Change Redirect After Login/Register in Laravel Breeze

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

CVE-2025-34509 – Sitecore Experience Manager (XM) and Experience Platform (XP) Hardcoded User Account Remote Authentication Bypass

The “Infinite Workday” is Here: Microsoft Warns of Never-Ending Work Driven by Hybrid Models & AI

Mastodon Cracks Down: New Terms Ban Unauthorized AI Data Scraping

CVE-2025-48491 – Project AI Exposed Hardcoded API Key Vulnerability

CVE-2025-5200 – Open Asset Import Library Assimp Out-of-Bounds Read Vulnerability

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

Reimagining Find Care: How AI is Transforming the Digital Healthcare Experience [Webinar]

CVE-2025-4031 – PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability

CVE-2024-52903 – IBM Db2 Denial of Service

The Dark Coffee

Hackers exploited Windows WebDav zero-day to drop malware

CVE-2025-34509 – Sitecore Experience Manager (XM) and Experience Platform (XP) Hardcoded User Account Remote Authentication Bypass

Related Posts