CVE-2025-34510 – Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) Zip Slip Remote Code Execution

June 17, 2025

CVE ID : CVE-2025-34510

Published : June 17, 2025, 7:15 p.m. | 1 hour, 14 minutes ago

Description : Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49154 – Trend Micro Apex One, Trend Micro Worry-Free Business Security Memory Corruption Vulnerability

Next Article CVE-2025-34511 – Sitecore PowerShell Extensions Remote File Upload Vulnerability

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

Looking for an Ubuntu Manual? Try This Book

CVE-2025-34510 – Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) Zip Slip Remote Code Execution

Why the tech industry needs to stand firm on preserving end-to-end encryption

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

CVE-2025-3594 – Liferay Portal Xuggler Path Traversal Remote File Inclusion

Pantaloni Pelle Moto

CVE-2025-49000 – InvenTree Label-Sheet Plugin Denial of Service Vulnerability

CVE-2025-6497 – “HTACG Tidy-html5 Assertion Vulnerability”

Pocket is shutting down – here’s how to retrieve what little data you still can

Hidden ChatGPT Productivity Tricks I Wish I Knew Earlier [With Examples]

CVE-2025-52168 – Agorum Software GmbH Agorum Core File Access Vulnerability

Privacy online – what you can do (and what you can’t)

CVE-2025-34510 – Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) Zip Slip Remote Code Execution

Related Posts