CNNVD-202506-2089 Information
CNNVD ID
CNNVD-202506-2089
Related CVE
- CNNVD Published: 2025-06-17
Description (Chinese)
Sitecore Experience Platform(XP)等都是丹麦Sitecore公司的产品。Sitecore Experience Platform是一套客户数字体验平台。Sitecore Experience Manager(XM)是一个管理软件。Sitecore Experience Commerce(XC)是一个原生集成、支持云的软件平台,使品牌能够在购物前、购物中、购物中、购物前、购物过程中提供完全个性化的端到端购物体验。 Sitecore多款产品存在安全漏洞,该漏洞源于Zip Slip漏洞,可能导致任意文件写入和代码执行。以下产品及版本受到影响:Sitecore Experience Manager、Experience Platform和Experience Commerce 9.0至9.3版本和10.0至10.4版本。
Description (English)
Setcore Exchange Platform (XP) and others are products of the Danish company Sitecore. Sitecore Exchange Platform is a client digital experience platform. Site Exchange Manager (XM) is a management software. Sitecore Exchange Company (XC) is a raw, integrated, cloud-support software platform that enables brands to provide fully personalized end-to-end shopping experiences before, during, during, before, during and during shopping. There is a safety loophole in multiple Sitecore products, which originates from the Zip Slip loophole, which may lead to any document being written and coded. The following products and versions have been affected: Setecore Exchange Manager, Express Platform and Express Division 9.0-9.3 and 10.0-10.4.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Sitecore
Published
2025-06-17
Last Modified
2026-02-24
References
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667 https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/ https://nvd.nist.gov/vuln/detail/CVE-2025-34510
Patch
https://www.sitecore.com/products/experience-manager
Share on: