CVE-2025-34509

High PUBLISHED

Sitecore XM and XP Hardcoded Credentials

Sitecore · Experience Manager, Experience Platform

Not yet in CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
7.5 High

At a Glance

Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

nuclei_scanner
CVE Published
Jun 17, 2025
Exploitation Reported
Apr 30, 2026
CVSS
7.5 High
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Sitecore
Experience Manager

10.4 to < 10.4.1 rev. 011941 PRE

Affected
Sitecore
Experience Manager

10.3 to < 10.3.3 rev. 011967 PRE

Affected
Sitecore
Experience Manager

10.1 to < 10.1.4 rev. 011974 PRE

Affected
Sitecore
Experience Platform

10.4 to < 10.4.1 rev. 011941 PRE

Affected
Sitecore
Experience Platform

10.3 to < 10.3.3 rev. 011967 PRE

Affected
Sitecore
Experience Platform

10.1 to < 10.1.4 rev. 011974 PRE

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.